Vulnerabilites related to netscape - navigator
CVE-2004-0904 (GCVE-0-2004-0904)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
CWE
  • n/a
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mozilla-netscape-bmp-bo(17381)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381"
          },
          {
            "name": "SUSE-SA:2004:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
          },
          {
            "name": "FLSA:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
          },
          {
            "name": "GLSA-200409-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
          },
          {
            "name": "11171",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11171"
          },
          {
            "name": "TA04-261A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
          },
          {
            "name": "SSRT4826",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:10952",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952"
          },
          {
            "name": "VU#847200",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/847200"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mozilla-netscape-bmp-bo(17381)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381"
        },
        {
          "name": "SUSE-SA:2004:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
        },
        {
          "name": "FLSA:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
        },
        {
          "name": "GLSA-200409-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
        },
        {
          "name": "11171",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11171"
        },
        {
          "name": "TA04-261A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
        },
        {
          "name": "SSRT4826",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:10952",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952"
        },
        {
          "name": "VU#847200",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/847200"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mozilla-netscape-bmp-bo(17381)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381"
            },
            {
              "name": "SUSE-SA:2004:036",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
            },
            {
              "name": "FLSA:2089",
              "refsource": "FEDORA",
              "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067"
            },
            {
              "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
            },
            {
              "name": "GLSA-200409-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
            },
            {
              "name": "11171",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11171"
            },
            {
              "name": "TA04-261A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
            },
            {
              "name": "SSRT4826",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:10952",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952"
            },
            {
              "name": "VU#847200",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/847200"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0904",
    "datePublished": "2004-09-24T04:00:00",
    "dateReserved": "2004-09-23T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0553 (GCVE-0-2003-0553)
Vulnerability from cvelistv5
Published
2003-07-15 04:00
Modified
2024-08-08 01:58
Severity ?
CWE
  • n/a
Summary
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:58:10.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0553",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2"
            },
            {
              "name": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf",
              "refsource": "MISC",
              "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0553",
    "datePublished": "2003-07-15T04:00:00",
    "dateReserved": "2003-07-14T00:00:00",
    "dateUpdated": "2024-08-08T01:58:10.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2542 (GCVE-0-2009-2542)
Vulnerability from cvelistv5
Published
2009-07-20 18:00
Modified
2024-08-07 05:52
Severity ?
CWE
  • n/a
Summary
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:15.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
          },
          {
            "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
          },
          {
            "name": "netscape-integer-value-dos(52876)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876"
          },
          {
            "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
          },
          {
            "name": "9160",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9160"
          },
          {
            "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
          },
          {
            "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
        },
        {
          "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
        },
        {
          "name": "netscape-integer-value-dos(52876)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876"
        },
        {
          "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
        },
        {
          "name": "9160",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9160"
        },
        {
          "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
        },
        {
          "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.g-sec.lu/one-bug-to-rule-them-all.html",
              "refsource": "MISC",
              "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
            },
            {
              "name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
            },
            {
              "name": "netscape-integer-value-dos(52876)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876"
            },
            {
              "name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
            },
            {
              "name": "9160",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9160"
            },
            {
              "name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
            },
            {
              "name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2542",
    "datePublished": "2009-07-20T18:00:00",
    "dateReserved": "2009-07-20T00:00:00",
    "dateUpdated": "2024-08-07T05:52:15.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-0989 (GCVE-0-2005-0989)
Vulnerability from cvelistv5
Published
2005-04-06 04:00
Modified
2024-08-07 21:35
Severity ?
CWE
  • n/a
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-386.html vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/12988 vdb-entry, x_refsource_BID
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt vendor-advisory, x_refsource_SCO
http://secunia.com/advisories/14820 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19823 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/15495 vdb-entry, x_refsource_BID
http://securitytracker.com/id?1013635 vdb-entry, x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2005-601.html vendor-advisory, x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml vendor-advisory, x_refsource_GENTOO
http://securitytracker.com/id?1013643 vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-384.html vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2005-383.html vendor-advisory, x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2006_04_25.html vendor-advisory, x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=288688 x_refsource_CONFIRM
http://www.mozilla.org/security/announce/mfsa2005-33.html x_refsource_CONFIRM
http://secunia.com/advisories/14821 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:100025",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025"
          },
          {
            "name": "RHSA-2005:386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
          },
          {
            "name": "12988",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/12988"
          },
          {
            "name": "SCOSA-2005.49",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
          },
          {
            "name": "14820",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14820"
          },
          {
            "name": "19823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19823"
          },
          {
            "name": "15495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15495"
          },
          {
            "name": "1013635",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013635"
          },
          {
            "name": "RHSA-2005:601",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
          },
          {
            "name": "GLSA-200504-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
          },
          {
            "name": "1013643",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013643"
          },
          {
            "name": "oval:org.mitre.oval:def:11706",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706"
          },
          {
            "name": "RHSA-2005:384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
          },
          {
            "name": "RHSA-2005:383",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
          },
          {
            "name": "SUSE-SA:2006:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html"
          },
          {
            "name": "14821",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14821"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:100025",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025"
        },
        {
          "name": "RHSA-2005:386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
        },
        {
          "name": "12988",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/12988"
        },
        {
          "name": "SCOSA-2005.49",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
        },
        {
          "name": "14820",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14820"
        },
        {
          "name": "19823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19823"
        },
        {
          "name": "15495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15495"
        },
        {
          "name": "1013635",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013635"
        },
        {
          "name": "RHSA-2005:601",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
        },
        {
          "name": "GLSA-200504-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
        },
        {
          "name": "1013643",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013643"
        },
        {
          "name": "oval:org.mitre.oval:def:11706",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706"
        },
        {
          "name": "RHSA-2005:384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
        },
        {
          "name": "RHSA-2005:383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
        },
        {
          "name": "SUSE-SA:2006:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html"
        },
        {
          "name": "14821",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14821"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-0989",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:100025",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025"
            },
            {
              "name": "RHSA-2005:386",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
            },
            {
              "name": "12988",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/12988"
            },
            {
              "name": "SCOSA-2005.49",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
            },
            {
              "name": "14820",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14820"
            },
            {
              "name": "19823",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19823"
            },
            {
              "name": "15495",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15495"
            },
            {
              "name": "1013635",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013635"
            },
            {
              "name": "RHSA-2005:601",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
            },
            {
              "name": "GLSA-200504-18",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
            },
            {
              "name": "1013643",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013643"
            },
            {
              "name": "oval:org.mitre.oval:def:11706",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706"
            },
            {
              "name": "RHSA-2005:384",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
            },
            {
              "name": "RHSA-2005:383",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
            },
            {
              "name": "SUSE-SA:2006:022",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688"
            },
            {
              "name": "http://www.mozilla.org/security/announce/mfsa2005-33.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html"
            },
            {
              "name": "14821",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/14821"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-0989",
    "datePublished": "2005-04-06T04:00:00",
    "dateReserved": "2005-04-06T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-1308 (GCVE-0-2002-1308)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
CWE
  • n/a
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:28.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2"
          },
          {
            "name": "mozilla-netscape-jar-bo(10636)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636"
          },
          {
            "name": "6185",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6185"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646"
          },
          {
            "name": "RHSA-2003:163",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html"
          },
          {
            "name": "RHSA-2003:162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-04T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2"
        },
        {
          "name": "mozilla-netscape-jar-bo(10636)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636"
        },
        {
          "name": "6185",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6185"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646"
        },
        {
          "name": "RHSA-2003:163",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html"
        },
        {
          "name": "RHSA-2003:162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2"
            },
            {
              "name": "mozilla-netscape-jar-bo(10636)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636"
            },
            {
              "name": "6185",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6185"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646",
              "refsource": "MISC",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646"
            },
            {
              "name": "RHSA-2003:163",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html"
            },
            {
              "name": "RHSA-2003:162",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1308",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-11-15T00:00:00",
    "dateUpdated": "2024-08-08T03:19:28.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1156 (GCVE-0-2005-1156)
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:35
Severity ?
CWE
  • n/a
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:35:59.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11230",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230"
          },
          {
            "name": "14992",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14992"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
          },
          {
            "name": "SCOSA-2005.49",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
          },
          {
            "name": "15495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15495"
          },
          {
            "name": "GLSA-200504-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:100020",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mikx.de/firesearching/"
          },
          {
            "name": "1013745",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013745"
          },
          {
            "name": "14938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14938"
          },
          {
            "name": "mozilla-plugin-xss(20125)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
          },
          {
            "name": "RHSA-2005:384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
          },
          {
            "name": "RHSA-2005:383",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
          },
          {
            "name": "13211",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13211"
          },
          {
            "name": "14996",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14996"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2005:386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11230",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230"
        },
        {
          "name": "14992",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14992"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
        },
        {
          "name": "SCOSA-2005.49",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
        },
        {
          "name": "15495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15495"
        },
        {
          "name": "GLSA-200504-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:100020",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mikx.de/firesearching/"
        },
        {
          "name": "1013745",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013745"
        },
        {
          "name": "14938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14938"
        },
        {
          "name": "mozilla-plugin-xss(20125)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
        },
        {
          "name": "RHSA-2005:384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
        },
        {
          "name": "RHSA-2005:383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
        },
        {
          "name": "13211",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13211"
        },
        {
          "name": "14996",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14996"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-1156",
    "datePublished": "2005-04-18T04:00:00",
    "dateReserved": "2005-04-18T00:00:00",
    "dateUpdated": "2024-08-07T21:35:59.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1753 (GCVE-0-2004-1753)
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
CWE
  • n/a
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
References
http://www.securityfocus.com/archive/1/373309 mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/12392 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/373080 mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/373232 mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/11059 vdb-entry, x_refsource_BID
http://bugzilla.mozilla.org/show_bug.cgi?id=162134 x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:00:37.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/373309"
          },
          {
            "name": "12392",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12392"
          },
          {
            "name": "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/373080"
          },
          {
            "name": "netscape-java-tab-spoofing(17137)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137"
          },
          {
            "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/373232"
          },
          {
            "name": "11059",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11059"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-08-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/373309"
        },
        {
          "name": "12392",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12392"
        },
        {
          "name": "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/373080"
        },
        {
          "name": "netscape-java-tab-spoofing(17137)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137"
        },
        {
          "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/373232"
        },
        {
          "name": "11059",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11059"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1753",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/373309"
            },
            {
              "name": "12392",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12392"
            },
            {
              "name": "20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/373080"
            },
            {
              "name": "netscape-java-tab-spoofing(17137)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137"
            },
            {
              "name": "20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/373232"
            },
            {
              "name": "11059",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11059"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134",
              "refsource": "MISC",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1753",
    "datePublished": "2005-02-26T05:00:00",
    "dateReserved": "2005-02-26T00:00:00",
    "dateUpdated": "2024-08-08T01:00:37.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0869 (GCVE-0-1999-0869)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:55
Severity ?
CWE
  • n/a
Summary
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:55:28.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS98-020",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MS98-020",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS98-020",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0869",
    "datePublished": "2000-01-04T05:00:00",
    "dateReserved": "1999-12-08T00:00:00",
    "dateUpdated": "2024-08-01T16:55:28.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0827 (GCVE-0-1999-0827)
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:48
Severity ?
CWE
  • n/a
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:48:38.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "1999-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T08:02:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0827",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0827",
    "datePublished": "2000-02-04T05:00:00",
    "dateReserved": "1999-12-07T00:00:00",
    "dateUpdated": "2024-08-01T16:48:38.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0722 (GCVE-0-2004-0722)
Vulnerability from cvelistv5
Published
2004-08-03 04:00
Modified
2024-08-08 00:24
Severity ?
CWE
  • n/a
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:27.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SCOSA-2005.49",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
          },
          {
            "name": "SUSE-SA:2004:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
          },
          {
            "name": "RHSA-2004:421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618"
          },
          {
            "name": "oval:org.mitre.oval:def:9378",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378"
          },
          {
            "name": "15495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15495"
          },
          {
            "name": "mozilla-netscape-soapparameter-bo(16862)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862"
          },
          {
            "name": "oval:org.mitre.oval:def:4629",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SCOSA-2005.49",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
        },
        {
          "name": "SUSE-SA:2004:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
        },
        {
          "name": "RHSA-2004:421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618"
        },
        {
          "name": "oval:org.mitre.oval:def:9378",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378"
        },
        {
          "name": "15495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15495"
        },
        {
          "name": "mozilla-netscape-soapparameter-bo(16862)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862"
        },
        {
          "name": "oval:org.mitre.oval:def:4629",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0722",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SCOSA-2005.49",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
            },
            {
              "name": "SUSE-SA:2004:036",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
            },
            {
              "name": "RHSA-2004:421",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618"
            },
            {
              "name": "oval:org.mitre.oval:def:9378",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378"
            },
            {
              "name": "15495",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15495"
            },
            {
              "name": "mozilla-netscape-soapparameter-bo(16862)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862"
            },
            {
              "name": "oval:org.mitre.oval:def:4629",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629"
            },
            {
              "name": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0722",
    "datePublished": "2004-08-03T04:00:00",
    "dateReserved": "2004-07-22T00:00:00",
    "dateUpdated": "2024-08-08T00:24:27.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0815 (GCVE-0-2002-0815)
Vulnerability from cvelistv5
Published
2002-08-01 04:00
Modified
2024-08-08 03:03
Severity ?
CWE
  • n/a
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
References
http://marc.info/?l=bugtraq&m=102798282208686&w=2 mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=102796732924658&w=2 mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:48.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020729 RE: XWT Foundation Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2"
          },
          {
            "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server\u0027s parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020729 RE: XWT Foundation Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2"
        },
        {
          "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server\u0027s parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020729 RE: XWT Foundation Advisory",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2"
            },
            {
              "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0815",
    "datePublished": "2002-08-01T04:00:00",
    "dateReserved": "2002-07-30T00:00:00",
    "dateUpdated": "2024-08-08T03:03:48.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-2013 (GCVE-0-2002-2013)
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-16 20:12
Severity ?
CWE
  • n/a
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:51:16.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3925",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3925"
          },
          {
            "name": "20020121 Mozilla Cookie Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
          },
          {
            "name": "mozilla-netscape-steal-cookies(7973)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/7973.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-14T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3925",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3925"
        },
        {
          "name": "20020121 Mozilla Cookie Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
        },
        {
          "name": "mozilla-netscape-steal-cookies(7973)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/7973.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2013",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3925",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3925"
            },
            {
              "name": "20020121 Mozilla Cookie Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
            },
            {
              "name": "mozilla-netscape-steal-cookies(7973)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/7973.php"
            },
            {
              "name": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
              "refsource": "MISC",
              "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2013",
    "datePublished": "2005-07-14T04:00:00Z",
    "dateReserved": "2005-07-14T00:00:00Z",
    "dateUpdated": "2024-09-16T20:12:45.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-1189 (GCVE-0-1999-1189)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-01 17:02
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
References
http://www.securityfocus.com/bid/822 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/7884 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/36608 mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/36306 mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:02:53.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "822",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/822"
          },
          {
            "name": "netscape-long-argument-bo(7884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884"
          },
          {
            "name": "19991127 Netscape Communicator 4.7 - Navigator Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/36608"
          },
          {
            "name": "19991124 Netscape Communicator 4.7 - Navigator Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/36306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "1999-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-07-23T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "822",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/822"
        },
        {
          "name": "netscape-long-argument-bo(7884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884"
        },
        {
          "name": "19991127 Netscape Communicator 4.7 - Navigator Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/36608"
        },
        {
          "name": "19991124 Netscape Communicator 4.7 - Navigator Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/36306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-1189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "822",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/822"
            },
            {
              "name": "netscape-long-argument-bo(7884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884"
            },
            {
              "name": "19991127 Netscape Communicator 4.7 - Navigator Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/36608"
            },
            {
              "name": "19991124 Netscape Communicator 4.7 - Navigator Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/36306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-1189",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2001-08-31T00:00:00",
    "dateUpdated": "2024-08-01T17:02:53.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2000-0087 (GCVE-0-2000-0087)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 05:05
Severity ?
CWE
  • n/a
Summary
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:05:53.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000113 Misleading sense of security in Netscape",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2"
          },
          {
            "name": "netscape-mail-notify-plaintext(4385)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/4385.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-02-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000113 Misleading sense of security in Netscape",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2"
        },
        {
          "name": "netscape-mail-notify-plaintext(4385)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/4385.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0087",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000113 Misleading sense of security in Netscape",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2"
            },
            {
              "name": "netscape-mail-notify-plaintext(4385)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/4385.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0087",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2000-01-22T00:00:00",
    "dateUpdated": "2024-08-08T05:05:53.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1419 (GCVE-0-2003-1419)
Vulnerability from cvelistv5
Published
2007-10-20 10:00
Modified
2024-08-08 02:28
Severity ?
CWE
  • n/a
Summary
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:28:03.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
          },
          {
            "name": "6959",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6959"
          },
          {
            "name": "netscape-javascript-reformatdate-dos(11444)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
        },
        {
          "name": "6959",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6959"
        },
        {
          "name": "netscape-javascript-reformatdate-dos(11444)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1419",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
            },
            {
              "name": "6959",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6959"
            },
            {
              "name": "netscape-javascript-reformatdate-dos(11444)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1419",
    "datePublished": "2007-10-20T10:00:00",
    "dateReserved": "2007-10-19T00:00:00",
    "dateUpdated": "2024-08-08T02:28:03.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-2061 (GCVE-0-2002-2061)
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 03:51
Severity ?
CWE
  • n/a
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:51:17.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
          },
          {
            "name": "MDKSA-2002:074",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202"
          },
          {
            "name": "links-png-image-bo(9287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9287.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-10-18T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
        },
        {
          "name": "MDKSA-2002:074",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202"
        },
        {
          "name": "links-png-image-bo(9287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9287.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
            },
            {
              "name": "MDKSA-2002:074",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202"
            },
            {
              "name": "links-png-image-bo(9287)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9287.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2061",
    "datePublished": "2005-07-14T04:00:00",
    "dateReserved": "2005-07-14T00:00:00",
    "dateUpdated": "2024-08-08T03:51:17.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0718 (GCVE-0-2004-0718)
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
CWE
  • n/a
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:27.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-810",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-810"
          },
          {
            "name": "DSA-777",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-777"
          },
          {
            "name": "http-frame-spoof(1598)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
          },
          {
            "name": "SCOSA-2005.49",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
          },
          {
            "name": "SUSE-SA:2004:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
          },
          {
            "name": "RHSA-2004:421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
          },
          {
            "name": "MDKSA-2004:082",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082"
          },
          {
            "name": "FLSA:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
          },
          {
            "name": "15495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15495"
          },
          {
            "name": "11978",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11978"
          },
          {
            "name": "oval:org.mitre.oval:def:4756",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
          },
          {
            "name": "oval:org.mitre.oval:def:9997",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-810",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-810"
        },
        {
          "name": "DSA-777",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-777"
        },
        {
          "name": "http-frame-spoof(1598)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
        },
        {
          "name": "SCOSA-2005.49",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
        },
        {
          "name": "SUSE-SA:2004:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
        },
        {
          "name": "RHSA-2004:421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
        },
        {
          "name": "MDKSA-2004:082",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082"
        },
        {
          "name": "FLSA:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
        },
        {
          "name": "15495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15495"
        },
        {
          "name": "11978",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11978"
        },
        {
          "name": "oval:org.mitre.oval:def:4756",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
        },
        {
          "name": "oval:org.mitre.oval:def:9997",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-810",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-810"
            },
            {
              "name": "DSA-777",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-777"
            },
            {
              "name": "http-frame-spoof(1598)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
            },
            {
              "name": "SCOSA-2005.49",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
            },
            {
              "name": "SUSE-SA:2004:036",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
            },
            {
              "name": "RHSA-2004:421",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
            },
            {
              "name": "MDKSA-2004:082",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082"
            },
            {
              "name": "FLSA:2089",
              "refsource": "FEDORA",
              "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
            },
            {
              "name": "15495",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15495"
            },
            {
              "name": "11978",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11978"
            },
            {
              "name": "oval:org.mitre.oval:def:4756",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448"
            },
            {
              "name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
              "refsource": "MISC",
              "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
            },
            {
              "name": "oval:org.mitre.oval:def:9997",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0718",
    "datePublished": "2004-07-23T04:00:00",
    "dateReserved": "2004-07-22T00:00:00",
    "dateUpdated": "2024-08-08T00:24:27.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1560 (GCVE-0-2003-1560)
Vulnerability from cvelistv5
Published
2008-07-14 23:00
Modified
2024-08-08 02:35
Severity ?
CWE
  • n/a
Summary
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
References
http://securityreason.com/securityalert/4004 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/348574 mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:16.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "4004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4004"
          },
          {
            "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/348574"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-29T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "4004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4004"
        },
        {
          "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/348574"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1560",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "4004",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4004"
            },
            {
              "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/348574"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1560",
    "datePublished": "2008-07-14T23:00:00",
    "dateReserved": "2008-07-14T00:00:00",
    "dateUpdated": "2024-08-08T02:35:16.506Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2000-1187 (GCVE-0-2000-1187)
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
CWE
  • n/a
Summary
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:45:37.393Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FreeBSD-SA-00:66",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc"
          },
          {
            "name": "SuSE-SA:2000:48",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html"
          },
          {
            "name": "netscape-client-html-bo(5542)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542"
          },
          {
            "name": "20001121 Immunix OS Security update for netscape",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2"
          },
          {
            "name": "7207",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/7207"
          },
          {
            "name": "CLSA-2000:344",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344"
          },
          {
            "name": "RHSA-2000:109",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-11-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-09-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FreeBSD-SA-00:66",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc"
        },
        {
          "name": "SuSE-SA:2000:48",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html"
        },
        {
          "name": "netscape-client-html-bo(5542)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542"
        },
        {
          "name": "20001121 Immunix OS Security update for netscape",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2"
        },
        {
          "name": "7207",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/7207"
        },
        {
          "name": "CLSA-2000:344",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344"
        },
        {
          "name": "RHSA-2000:109",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-1187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FreeBSD-SA-00:66",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc"
            },
            {
              "name": "SuSE-SA:2000:48",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html"
            },
            {
              "name": "netscape-client-html-bo(5542)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542"
            },
            {
              "name": "20001121 Immunix OS Security update for netscape",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2"
            },
            {
              "name": "7207",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/7207"
            },
            {
              "name": "CLSA-2000:344",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344"
            },
            {
              "name": "RHSA-2000:109",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-1187",
    "datePublished": "2001-01-22T05:00:00",
    "dateReserved": "2000-12-14T00:00:00",
    "dateUpdated": "2024-08-08T05:45:37.393Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0142 (GCVE-0-1999-0142)
Vulnerability from cvelistv5
Published
2000-06-02 04:00
Modified
2024-08-01 16:27
Severity ?
CWE
  • n/a
Summary
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:27:57.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T06:46:30",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0142",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0142",
    "datePublished": "2000-06-02T04:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:27:57.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0528 (GCVE-0-2004-0528)
Vulnerability from cvelistv5
Published
2004-06-08 04:00
Modified
2024-08-08 00:24
Severity ?
CWE
  • n/a
Summary
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
References
http://www.securityfocus.com/bid/10389 vdb-entry, x_refsource_BID
http://www.osvdb.org/6580 vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "10389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10389"
          },
          {
            "name": "6580",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6580"
          },
          {
            "name": "ie-ahref-url-spoofing(16102)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "10389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10389"
        },
        {
          "name": "6580",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6580"
        },
        {
          "name": "ie-ahref-url-spoofing(16102)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "10389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10389"
            },
            {
              "name": "6580",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6580"
            },
            {
              "name": "ie-ahref-url-spoofing(16102)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0528",
    "datePublished": "2004-06-08T04:00:00",
    "dateReserved": "2004-06-03T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-4042 (GCVE-0-2007-4042)
Vulnerability from cvelistv5
Published
2007-07-27 22:00
Modified
2024-08-07 14:37
Severity ?
CWE
  • n/a
Summary
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:06.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
          },
          {
            "name": "46832",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/46832"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
        },
        {
          "name": "46832",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/46832"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/",
              "refsource": "MISC",
              "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
            },
            {
              "name": "46832",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/46832"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4042",
    "datePublished": "2007-07-27T22:00:00",
    "dateReserved": "2007-07-27T00:00:00",
    "dateUpdated": "2024-08-07T14:37:06.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0141 (GCVE-0-1999-0141)
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
CWE
  • n/a
Summary
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:27:57.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "00134",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUN",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "00134",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUN"
          ],
          "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0141",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "00134",
              "refsource": "SUN",
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0141",
    "datePublished": "1999-09-29T04:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:27:57.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0440 (GCVE-0-1999-0440)
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-01 16:41
Severity ?
CWE
  • n/a
Summary
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:41:44.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
          },
          {
            "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
        },
        {
          "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1939"
            },
            {
              "name": "http://java.sun.com/pr/1999/03/pr990329-01.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
            },
            {
              "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0440",
    "datePublished": "2000-10-13T04:00:00",
    "dateReserved": "1999-06-07T00:00:00",
    "dateUpdated": "2024-08-01T16:41:44.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1377 (GCVE-0-2007-1377)
Vulnerability from cvelistv5
Published
2007-03-10 00:00
Modified
2024-08-07 12:50
Severity ?
CWE
  • n/a
Summary
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html"
          },
          {
            "name": "adobe-acropdf-dos(32896)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896"
          },
          {
            "name": "22856",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22856"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html"
        },
        {
          "name": "adobe-acropdf-dos(32896)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896"
        },
        {
          "name": "22856",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22856"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html"
            },
            {
              "name": "adobe-acropdf-dos(32896)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896"
            },
            {
              "name": "22856",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22856"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1377",
    "datePublished": "2007-03-10T00:00:00",
    "dateReserved": "2007-03-09T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4134 (GCVE-0-2005-4134)
Vulnerability from cvelistv5
Published
2005-12-09 15:00
Modified
2024-08-07 23:31
Severity ?
CWE
  • n/a
Summary
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
References
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 vendor-advisory, x_refsource_MANDRIVA
https://usn.ubuntu.com/275-1/ vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/19902 third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/21533 vdb-entry, x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/17944 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/438730/100/0/threaded vendor-advisory, x_refsource_HP
http://secunia.com/advisories/19941 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17946 third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=full-disclosure&m=113405896025702&w=2 mailing-list, x_refsource_FULLDISC
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html vendor-advisory, x_refsource_FEDORA
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/21622 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19862 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/19230 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18704 third-party-advisory, x_refsource_SECUNIA
http://www.networksecurity.fi/advisories/netscape-history.html x_refsource_MISC
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm x_refsource_CONFIRM
http://www.debian.org/security/2006/dsa-1051 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/18709 third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/271-1/ vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/18705 third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/16476 vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/0413 vdb-entry, x_refsource_VUPEN
http://www.mozilla.org/security/announce/mfsa2006-03.html x_refsource_CONFIRM
http://securitytracker.com/id?1015328 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/19746 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21033 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18700 third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/19759 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0200.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/18706 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17934 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/438730/100/0/threaded vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/15773 vdb-entry, x_refsource_BID
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html vendor-advisory, x_refsource_FEDORA
http://www.mozilla.org/security/history-title.html x_refsource_MISC
http://www.redhat.com/support/errata/RHSA-2006-0199.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/19863 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/425978/100/0/threaded vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 vdb-entry, signature, x_refsource_OVAL
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U vendor-advisory, x_refsource_SGI
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt vendor-advisory, x_refsource_SCO
http://secunia.com/advisories/18708 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2805 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/425975/100/0/threaded vendor-advisory, x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=full-disclosure&m=113404911919629&w=2 mailing-list, x_refsource_FULLDISC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/19852 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3391 vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2006/dsa-1046 vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2006/dsa-1044 vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:31:49.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036"
          },
          {
            "name": "USN-275-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/275-1/"
          },
          {
            "name": "19902",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19902"
          },
          {
            "name": "21533",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/21533"
          },
          {
            "name": "MDKSA-2006:037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037"
          },
          {
            "name": "17944",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17944"
          },
          {
            "name": "HPSBUX02122",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
          },
          {
            "name": "19941",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19941"
          },
          {
            "name": "17946",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17946"
          },
          {
            "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2"
          },
          {
            "name": "FEDORA-2006-075",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html"
          },
          {
            "name": "GLSA-200604-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
          },
          {
            "name": "21622",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21622"
          },
          {
            "name": "19862",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19862"
          },
          {
            "name": "19230",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19230"
          },
          {
            "name": "18704",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18704"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.networksecurity.fi/advisories/netscape-history.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
          },
          {
            "name": "DSA-1051",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1051"
          },
          {
            "name": "18709",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18709"
          },
          {
            "name": "USN-271-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/271-1/"
          },
          {
            "name": "18705",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18705"
          },
          {
            "name": "GLSA-200604-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
          },
          {
            "name": "16476",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16476"
          },
          {
            "name": "ADV-2006-0413",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html"
          },
          {
            "name": "1015328",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015328"
          },
          {
            "name": "19746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19746"
          },
          {
            "name": "21033",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21033"
          },
          {
            "name": "18700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18700"
          },
          {
            "name": "102550",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
          },
          {
            "name": "19759",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19759"
          },
          {
            "name": "RHSA-2006:0200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html"
          },
          {
            "name": "18706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18706"
          },
          {
            "name": "17934",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17934"
          },
          {
            "name": "SSRT061158",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
          },
          {
            "name": "15773",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15773"
          },
          {
            "name": "FEDORA-2006-076",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/history-title.html"
          },
          {
            "name": "RHSA-2006:0199",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html"
          },
          {
            "name": "19863",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19863"
          },
          {
            "name": "FLSA-2006:180036-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:11382",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382"
          },
          {
            "name": "20060201-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
          },
          {
            "name": "SCOSA-2006.26",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
          },
          {
            "name": "18708",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18708"
          },
          {
            "name": "ADV-2005-2805",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2805"
          },
          {
            "name": "FLSA:180036-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1619",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619"
          },
          {
            "name": "20051208 re: Firefox 1.5 buffer overflow (poc)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2"
          },
          {
            "name": "228526",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
          },
          {
            "name": "19852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19852"
          },
          {
            "name": "ADV-2006-3391",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3391"
          },
          {
            "name": "DSA-1046",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1046"
          },
          {
            "name": "DSA-1044",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1044"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.  Also, it has been independently reported that Netscape 8.1 does not have this issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2006:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036"
        },
        {
          "name": "USN-275-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/275-1/"
        },
        {
          "name": "19902",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19902"
        },
        {
          "name": "21533",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/21533"
        },
        {
          "name": "MDKSA-2006:037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037"
        },
        {
          "name": "17944",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17944"
        },
        {
          "name": "HPSBUX02122",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
        },
        {
          "name": "19941",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19941"
        },
        {
          "name": "17946",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17946"
        },
        {
          "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2"
        },
        {
          "name": "FEDORA-2006-075",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html"
        },
        {
          "name": "GLSA-200604-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
        },
        {
          "name": "21622",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21622"
        },
        {
          "name": "19862",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19862"
        },
        {
          "name": "19230",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19230"
        },
        {
          "name": "18704",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18704"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.networksecurity.fi/advisories/netscape-history.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
        },
        {
          "name": "DSA-1051",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1051"
        },
        {
          "name": "18709",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18709"
        },
        {
          "name": "USN-271-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/271-1/"
        },
        {
          "name": "18705",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18705"
        },
        {
          "name": "GLSA-200604-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
        },
        {
          "name": "16476",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16476"
        },
        {
          "name": "ADV-2006-0413",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html"
        },
        {
          "name": "1015328",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015328"
        },
        {
          "name": "19746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19746"
        },
        {
          "name": "21033",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21033"
        },
        {
          "name": "18700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18700"
        },
        {
          "name": "102550",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
        },
        {
          "name": "19759",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19759"
        },
        {
          "name": "RHSA-2006:0200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html"
        },
        {
          "name": "18706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18706"
        },
        {
          "name": "17934",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17934"
        },
        {
          "name": "SSRT061158",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
        },
        {
          "name": "15773",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15773"
        },
        {
          "name": "FEDORA-2006-076",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mozilla.org/security/history-title.html"
        },
        {
          "name": "RHSA-2006:0199",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html"
        },
        {
          "name": "19863",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19863"
        },
        {
          "name": "FLSA-2006:180036-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:11382",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382"
        },
        {
          "name": "20060201-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
        },
        {
          "name": "SCOSA-2006.26",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
        },
        {
          "name": "18708",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18708"
        },
        {
          "name": "ADV-2005-2805",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2805"
        },
        {
          "name": "FLSA:180036-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1619",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619"
        },
        {
          "name": "20051208 re: Firefox 1.5 buffer overflow (poc)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2"
        },
        {
          "name": "228526",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
        },
        {
          "name": "19852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19852"
        },
        {
          "name": "ADV-2006-3391",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3391"
        },
        {
          "name": "DSA-1046",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1046"
        },
        {
          "name": "DSA-1044",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1044"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.  Also, it has been independently reported that Netscape 8.1 does not have this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2006:036",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036"
            },
            {
              "name": "USN-275-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/275-1/"
            },
            {
              "name": "19902",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19902"
            },
            {
              "name": "21533",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/21533"
            },
            {
              "name": "MDKSA-2006:037",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037"
            },
            {
              "name": "17944",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17944"
            },
            {
              "name": "HPSBUX02122",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
            },
            {
              "name": "19941",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19941"
            },
            {
              "name": "17946",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17946"
            },
            {
              "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2"
            },
            {
              "name": "FEDORA-2006-075",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html"
            },
            {
              "name": "GLSA-200604-12",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
            },
            {
              "name": "21622",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21622"
            },
            {
              "name": "19862",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19862"
            },
            {
              "name": "19230",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19230"
            },
            {
              "name": "18704",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18704"
            },
            {
              "name": "http://www.networksecurity.fi/advisories/netscape-history.html",
              "refsource": "MISC",
              "url": "http://www.networksecurity.fi/advisories/netscape-history.html"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
            },
            {
              "name": "DSA-1051",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1051"
            },
            {
              "name": "18709",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18709"
            },
            {
              "name": "USN-271-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/271-1/"
            },
            {
              "name": "18705",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18705"
            },
            {
              "name": "GLSA-200604-18",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
            },
            {
              "name": "16476",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16476"
            },
            {
              "name": "ADV-2006-0413",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0413"
            },
            {
              "name": "http://www.mozilla.org/security/announce/mfsa2006-03.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html"
            },
            {
              "name": "1015328",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015328"
            },
            {
              "name": "19746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19746"
            },
            {
              "name": "21033",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21033"
            },
            {
              "name": "18700",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18700"
            },
            {
              "name": "102550",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
            },
            {
              "name": "19759",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19759"
            },
            {
              "name": "RHSA-2006:0200",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html"
            },
            {
              "name": "18706",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18706"
            },
            {
              "name": "17934",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17934"
            },
            {
              "name": "SSRT061158",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
            },
            {
              "name": "15773",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15773"
            },
            {
              "name": "FEDORA-2006-076",
              "refsource": "FEDORA",
              "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html"
            },
            {
              "name": "http://www.mozilla.org/security/history-title.html",
              "refsource": "MISC",
              "url": "http://www.mozilla.org/security/history-title.html"
            },
            {
              "name": "RHSA-2006:0199",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html"
            },
            {
              "name": "19863",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19863"
            },
            {
              "name": "FLSA-2006:180036-2",
              "refsource": "FEDORA",
              "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:11382",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382"
            },
            {
              "name": "20060201-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
            },
            {
              "name": "SCOSA-2006.26",
              "refsource": "SCO",
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
            },
            {
              "name": "18708",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18708"
            },
            {
              "name": "ADV-2005-2805",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2805"
            },
            {
              "name": "FLSA:180036-1",
              "refsource": "FEDORA",
              "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1619",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619"
            },
            {
              "name": "20051208 re: Firefox 1.5 buffer overflow (poc)",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2"
            },
            {
              "name": "228526",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
            },
            {
              "name": "19852",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19852"
            },
            {
              "name": "ADV-2006-3391",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3391"
            },
            {
              "name": "DSA-1046",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1046"
            },
            {
              "name": "DSA-1044",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1044"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4134",
    "datePublished": "2005-12-09T15:00:00",
    "dateReserved": "2005-12-09T00:00:00",
    "dateUpdated": "2024-08-07T23:31:49.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0593 (GCVE-0-2002-0593)
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
CWE
  • n/a
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
References
http://secunia.com/advisories/8039 third-party-advisory, x_refsource_SECUNIA
http://www.iss.net/security_center/static/8976.php vdb-entry, x_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490 vendor-advisory, x_refsource_CONECTIVA
http://www.securityfocus.com/bid/4637 vdb-entry, x_refsource_BID
http://online.securityfocus.com/archive/1/270249 mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:37.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "8039",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/8039"
          },
          {
            "name": "mozilla-netscape-irc-bo(8976)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8976.php"
          },
          {
            "name": "CLA-2002:490",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
          },
          {
            "name": "4637",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4637"
          },
          {
            "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/270249"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "8039",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/8039"
        },
        {
          "name": "mozilla-netscape-irc-bo(8976)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8976.php"
        },
        {
          "name": "CLA-2002:490",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
        },
        {
          "name": "4637",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4637"
        },
        {
          "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/270249"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "8039",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/8039"
            },
            {
              "name": "mozilla-netscape-irc-bo(8976)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8976.php"
            },
            {
              "name": "CLA-2002:490",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
            },
            {
              "name": "4637",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4637"
            },
            {
              "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/270249"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0593",
    "datePublished": "2002-06-11T04:00:00",
    "dateReserved": "2002-06-11T00:00:00",
    "dateUpdated": "2024-08-08T02:56:37.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1160 (GCVE-0-2004-1160)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
Severity ?
CWE
  • n/a
Summary
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:01.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
          },
          {
            "name": "11852",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11852"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2004-13/advisory/"
          },
          {
            "name": "13402",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13402/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-12-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
        },
        {
          "name": "11852",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11852"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2004-13/advisory/"
        },
        {
          "name": "13402",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13402/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/",
              "refsource": "MISC",
              "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
            },
            {
              "name": "11852",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11852"
            },
            {
              "name": "http://secunia.com/secunia_research/2004-13/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2004-13/advisory/"
            },
            {
              "name": "13402",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13402/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1160",
    "datePublished": "2004-12-10T05:00:00",
    "dateReserved": "2004-12-08T00:00:00",
    "dateUpdated": "2024-08-08T00:39:01.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2894 (GCVE-0-2006-2894)
Vulnerability from cvelistv5
Published
2006-06-07 10:00
Modified
2024-08-07 18:06
Severity ?
CWE
  • n/a
Summary
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
http://www.securityfocus.com/archive/1/482876/100/200/threaded mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 vendor-advisory, x_refsource_MANDRIVA
http://lcamtuf.coredump.cx/focusbug/ x_refsource_MISC
http://secunia.com/advisories/27414 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/482925/100/0/threaded mailing-list, x_refsource_BUGTRAQ
https://issues.rpath.com/browse/RPL-1858 x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/2163 vdb-entry, x_refsource_VUPEN
http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/1059 third-party-advisory, x_refsource_SREASON
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 vendor-advisory, x_refsource_HP
http://secunia.com/advisories/27298 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1018837 vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/3544 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/20470 third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/535-1/ vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/20472 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20467 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/2160 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27383 third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/21532 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0083 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/27387 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/2164 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/18308 vdb-entry, x_refsource_BID
http://secunia.com/advisories/27403 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=56236 x_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html mailing-list, x_refsource_BUGTRAQ
http://lists.virus.org/full-disclosure-0702/msg00225.html mailing-list, x_refsource_FULLDISC
http://www.vupen.com/english/advisories/2006/2162 vdb-entry, x_refsource_VUPEN
https://bugzilla.mozilla.org/show_bug.cgi?id=290478 x_refsource_MISC
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html mailing-list, x_refsource_FULLDISC
http://www.thanhngan.org/fflinuxversion.html x_refsource_MISC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 vendor-advisory, x_refsource_HP
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/27335 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html vendor-advisory, x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/20442 third-party-advisory, x_refsource_SECUNIA
http://www.gnucitizen.org/blog/browser-focus-rip x_refsource_MISC
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1 vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/archive/1/482932/100/200/threaded mailing-list, x_refsource_BUGTRAQ
https://bugzilla.mozilla.org/show_bug.cgi?id=370092 x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-536-1 vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:06:27.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20071026 rPSA-2007-0225-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
          },
          {
            "name": "MDKSA-2006:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lcamtuf.coredump.cx/focusbug/"
          },
          {
            "name": "27414",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27414"
          },
          {
            "name": "20071029 FLEA-2007-0062-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1858"
          },
          {
            "name": "ADV-2006-2163",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2163"
          },
          {
            "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html"
          },
          {
            "name": "1059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1059"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "27298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27298"
          },
          {
            "name": "1018837",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018837"
          },
          {
            "name": "ADV-2007-3544",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3544"
          },
          {
            "name": "20470",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20470"
          },
          {
            "name": "USN-535-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/535-1/"
          },
          {
            "name": "20472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20472"
          },
          {
            "name": "20467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20467"
          },
          {
            "name": "ADV-2006-2160",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2160"
          },
          {
            "name": "27383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27383"
          },
          {
            "name": "SUSE-SA:2007:057",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
          },
          {
            "name": "21532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21532"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "27387",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27387"
          },
          {
            "name": "ADV-2006-2164",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2164"
          },
          {
            "name": "18308",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18308"
          },
          {
            "name": "27403",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27403"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236"
          },
          {
            "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html"
          },
          {
            "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html"
          },
          {
            "name": "ADV-2006-2162",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2162"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html"
          },
          {
            "name": "20060605 file upload widgets in IE and Firefox have issues",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.thanhngan.org/fflinuxversion.html"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "MDKSA-2007:202",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
          },
          {
            "name": "27335",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27335"
          },
          {
            "name": "FEDORA-2007-2664",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
          },
          {
            "name": "MDKSA-2006:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
          },
          {
            "name": "20442",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20442"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/browser-focus-rip"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
          },
          {
            "name": "201516",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
          },
          {
            "name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092"
          },
          {
            "name": "USN-536-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-536-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20071026 rPSA-2007-0225-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
        },
        {
          "name": "MDKSA-2006:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lcamtuf.coredump.cx/focusbug/"
        },
        {
          "name": "27414",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27414"
        },
        {
          "name": "20071029 FLEA-2007-0062-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1858"
        },
        {
          "name": "ADV-2006-2163",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2163"
        },
        {
          "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html"
        },
        {
          "name": "1059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1059"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "27298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27298"
        },
        {
          "name": "1018837",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018837"
        },
        {
          "name": "ADV-2007-3544",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3544"
        },
        {
          "name": "20470",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20470"
        },
        {
          "name": "USN-535-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/535-1/"
        },
        {
          "name": "20472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20472"
        },
        {
          "name": "20467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20467"
        },
        {
          "name": "ADV-2006-2160",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2160"
        },
        {
          "name": "27383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27383"
        },
        {
          "name": "SUSE-SA:2007:057",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
        },
        {
          "name": "21532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21532"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "27387",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27387"
        },
        {
          "name": "ADV-2006-2164",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2164"
        },
        {
          "name": "18308",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18308"
        },
        {
          "name": "27403",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27403"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236"
        },
        {
          "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html"
        },
        {
          "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html"
        },
        {
          "name": "ADV-2006-2162",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2162"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html"
        },
        {
          "name": "20060605 file upload widgets in IE and Firefox have issues",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.thanhngan.org/fflinuxversion.html"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "MDKSA-2007:202",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
        },
        {
          "name": "27335",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27335"
        },
        {
          "name": "FEDORA-2007-2664",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
        },
        {
          "name": "MDKSA-2006:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
        },
        {
          "name": "20442",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20442"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/browser-focus-rip"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
        },
        {
          "name": "201516",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
        },
        {
          "name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092"
        },
        {
          "name": "USN-536-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-536-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2894",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071026 rPSA-2007-0225-1 firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
            },
            {
              "name": "MDKSA-2006:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
            },
            {
              "name": "http://lcamtuf.coredump.cx/focusbug/",
              "refsource": "MISC",
              "url": "http://lcamtuf.coredump.cx/focusbug/"
            },
            {
              "name": "27414",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27414"
            },
            {
              "name": "20071029 FLEA-2007-0062-1 firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1858",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1858"
            },
            {
              "name": "ADV-2006-2163",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2163"
            },
            {
              "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html"
            },
            {
              "name": "1059",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1059"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "27298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27298"
            },
            {
              "name": "1018837",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018837"
            },
            {
              "name": "ADV-2007-3544",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3544"
            },
            {
              "name": "20470",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20470"
            },
            {
              "name": "USN-535-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/535-1/"
            },
            {
              "name": "20472",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20472"
            },
            {
              "name": "20467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20467"
            },
            {
              "name": "ADV-2006-2160",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2160"
            },
            {
              "name": "27383",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27383"
            },
            {
              "name": "SUSE-SA:2007:057",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
            },
            {
              "name": "21532",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21532"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "27387",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27387"
            },
            {
              "name": "ADV-2006-2164",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2164"
            },
            {
              "name": "18308",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18308"
            },
            {
              "name": "27403",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27403"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236"
            },
            {
              "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html"
            },
            {
              "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)",
              "refsource": "FULLDISC",
              "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html"
            },
            {
              "name": "ADV-2006-2162",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2162"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html"
            },
            {
              "name": "20060605 file upload widgets in IE and Firefox have issues",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
            },
            {
              "name": "http://www.thanhngan.org/fflinuxversion.html",
              "refsource": "MISC",
              "url": "http://www.thanhngan.org/fflinuxversion.html"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "MDKSA-2007:202",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
            },
            {
              "name": "27335",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27335"
            },
            {
              "name": "FEDORA-2007-2664",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
            },
            {
              "name": "MDKSA-2006:143",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
            },
            {
              "name": "20442",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20442"
            },
            {
              "name": "http://www.gnucitizen.org/blog/browser-focus-rip",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/browser-focus-rip"
            },
            {
              "name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html",
              "refsource": "CONFIRM",
              "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
            },
            {
              "name": "201516",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
            },
            {
              "name": "20071029 rPSA-2007-0225-2 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092"
            },
            {
              "name": "USN-536-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-536-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2894",
    "datePublished": "2006-06-07T10:00:00",
    "dateReserved": "2006-06-07T00:00:00",
    "dateUpdated": "2024-08-07T18:06:27.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1157 (GCVE-0-2005-1157)
Vulnerability from cvelistv5
Published
2005-04-18 04:00
Modified
2024-08-07 21:36
Severity ?
CWE
  • n/a
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:36:00.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2005:386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
          },
          {
            "name": "14992",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14992"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
          },
          {
            "name": "SCOSA-2005.49",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
          },
          {
            "name": "15495",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15495"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mikx.de/firesearching/"
          },
          {
            "name": "14938",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14938"
          },
          {
            "name": "mozilla-plugin-xss(20125)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
          },
          {
            "name": "RHSA-2005:384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9961",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961"
          },
          {
            "name": "RHSA-2005:383",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
          },
          {
            "name": "13211",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13211"
          },
          {
            "name": "14996",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/14996"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2005:386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
        },
        {
          "name": "14992",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14992"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
        },
        {
          "name": "SCOSA-2005.49",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
        },
        {
          "name": "15495",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15495"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mikx.de/firesearching/"
        },
        {
          "name": "14938",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14938"
        },
        {
          "name": "mozilla-plugin-xss(20125)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
        },
        {
          "name": "RHSA-2005:384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9961",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961"
        },
        {
          "name": "RHSA-2005:383",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
        },
        {
          "name": "13211",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13211"
        },
        {
          "name": "14996",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/14996"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-1157",
    "datePublished": "2005-04-18T04:00:00",
    "dateReserved": "2005-04-18T00:00:00",
    "dateUpdated": "2024-08-07T21:36:00.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2613 (GCVE-0-2006-2613)
Vulnerability from cvelistv5
Published
2006-05-26 01:00
Modified
2024-08-07 17:58
Severity ?
CWE
  • n/a
Summary
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
References
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/20244 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/26667 vdb-entry, x_refsource_XF
http://secunia.com/advisories/20255 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21532 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/434696/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/20256 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=267645 x_refsource_CONFIRM
https://bugzilla.mozilla.org/attachment.cgi?id=164547 x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 vendor-advisory, x_refsource_MANDRIVA
http://securityreason.com/securityalert/960 third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:58:51.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2006:145",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
          },
          {
            "name": "20244",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20244"
          },
          {
            "name": "mozilla-javascript-path-disclosure(26667)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667"
          },
          {
            "name": "20255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20255"
          },
          {
            "name": "21532",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21532"
          },
          {
            "name": "20060521 Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded"
          },
          {
            "name": "20256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547"
          },
          {
            "name": "MDKSA-2006:143",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
          },
          {
            "name": "960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/960"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2006:145",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
        },
        {
          "name": "20244",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20244"
        },
        {
          "name": "mozilla-javascript-path-disclosure(26667)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667"
        },
        {
          "name": "20255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20255"
        },
        {
          "name": "21532",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21532"
        },
        {
          "name": "20060521 Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded"
        },
        {
          "name": "20256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547"
        },
        {
          "name": "MDKSA-2006:143",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
        },
        {
          "name": "960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/960"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2006:145",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
            },
            {
              "name": "20244",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20244"
            },
            {
              "name": "mozilla-javascript-path-disclosure(26667)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667"
            },
            {
              "name": "20255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20255"
            },
            {
              "name": "21532",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21532"
            },
            {
              "name": "20060521 Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded"
            },
            {
              "name": "20256",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20256"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645"
            },
            {
              "name": "https://bugzilla.mozilla.org/attachment.cgi?id=164547",
              "refsource": "MISC",
              "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547"
            },
            {
              "name": "MDKSA-2006:143",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
            },
            {
              "name": "960",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/960"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2613",
    "datePublished": "2006-05-26T01:00:00",
    "dateReserved": "2006-05-25T00:00:00",
    "dateUpdated": "2024-08-07T17:58:51.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-2338 (GCVE-0-2002-2338)
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-16 20:06
Severity ?
CWE
  • n/a
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:59:11.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/276946"
          },
          {
            "name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/276628"
          },
          {
            "name": "MDKSA-2002:074",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
          },
          {
            "name": "5002",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
          },
          {
            "name": "mozilla-netscape-pop3-dos(9343)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9343.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-10-29T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/276946"
        },
        {
          "name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/276628"
        },
        {
          "name": "MDKSA-2002:074",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
        },
        {
          "name": "5002",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
        },
        {
          "name": "mozilla-netscape-pop3-dos(9343)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9343.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-2338",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020614 Another small DoS on Mozilla \u003c= 1.0 through pop3",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/276946"
            },
            {
              "name": "20020612 Another small DoS on Mozilla \u003c= 1.0 through pop3",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/276628"
            },
            {
              "name": "MDKSA-2002:074",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
            },
            {
              "name": "5002",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5002"
            },
            {
              "name": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
              "refsource": "CONFIRM",
              "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
            },
            {
              "name": "mozilla-netscape-pop3-dos(9343)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9343.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-2338",
    "datePublished": "2007-10-29T19:00:00Z",
    "dateReserved": "2007-10-29T00:00:00Z",
    "dateUpdated": "2024-09-16T20:06:54.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0905 (GCVE-0-2004-0905)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:31
Severity ?
CWE
  • n/a
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:47.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#651928",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/651928"
          },
          {
            "name": "SUSE-SA:2004:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
          },
          {
            "name": "FLSA:2089",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:10378",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
          },
          {
            "name": "11177",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11177"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
          },
          {
            "name": "GLSA-200409-26",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
          },
          {
            "name": "mozilla-netscape-sameorigin-bypass(17374)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
          },
          {
            "name": "TA04-261A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
          },
          {
            "name": "SSRT4826",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#651928",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/651928"
        },
        {
          "name": "SUSE-SA:2004:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
        },
        {
          "name": "FLSA:2089",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:10378",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
        },
        {
          "name": "11177",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11177"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
        },
        {
          "name": "GLSA-200409-26",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
        },
        {
          "name": "mozilla-netscape-sameorigin-bypass(17374)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
        },
        {
          "name": "TA04-261A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
        },
        {
          "name": "SSRT4826",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0905",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#651928",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/651928"
            },
            {
              "name": "SUSE-SA:2004:036",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
            },
            {
              "name": "FLSA:2089",
              "refsource": "FEDORA",
              "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:10378",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
            },
            {
              "name": "11177",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11177"
            },
            {
              "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
            },
            {
              "name": "GLSA-200409-26",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
            },
            {
              "name": "mozilla-netscape-sameorigin-bypass(17374)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
            },
            {
              "name": "TA04-261A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
            },
            {
              "name": "SSRT4826",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0905",
    "datePublished": "2004-09-24T04:00:00",
    "dateReserved": "2004-09-23T00:00:00",
    "dateUpdated": "2024-08-08T00:31:47.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3924 (GCVE-0-2007-3924)
Vulnerability from cvelistv5
Published
2007-07-21 00:00
Modified
2024-09-17 00:55
Severity ?
CWE
  • n/a
Summary
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
References
http://sla.ckers.org/forum/read.php?3%2C13732%2C13739 x_refsource_MISC
http://secunia.com/advisories/26082 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739"
          },
          {
            "name": "26082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-07-21T00:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739"
        },
        {
          "name": "26082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3924",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sla.ckers.org/forum/read.php?3,13732,13739",
              "refsource": "MISC",
              "url": "http://sla.ckers.org/forum/read.php?3,13732,13739"
            },
            {
              "name": "26082",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3924",
    "datePublished": "2007-07-21T00:00:00Z",
    "dateReserved": "2007-07-20T00:00:00Z",
    "dateUpdated": "2024-09-17T00:55:56.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-2809 (GCVE-0-2008-2809)
Vulnerability from cvelistv5
Published
2008-07-08 23:00
Modified
2024-08-07 09:14
Severity ?
CWE
  • n/a
Summary
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
References
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html vendor-advisory, x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2008-0549.html vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2009/dsa-1697 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/31021 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30898 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31403 third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2008-0216 x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-2646 x_refsource_CONFIRM
http://secunia.com/advisories/30949 third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 vendor-advisory, x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2009/0977 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31069 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31008 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31377 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=240261 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2008-0616.html vendor-advisory, x_refsource_REDHAT
http://securityreason.com/securityalert/3498 third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2008/1993/references vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31023 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/30038 vdb-entry, x_refsource_BID
http://www.debian.org/security/2008/dsa-1607 vendor-advisory, x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200808-03.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/31005 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/33433 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html vendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id?1020419 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/31253 third-party-advisory, x_refsource_SECUNIA
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/31183 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30903 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0547.html vendor-advisory, x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html vendor-advisory, x_refsource_FEDORA
http://www.ubuntu.com/usn/usn-629-1 vendor-advisory, x_refsource_UBUNTU
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/archive/1/483937/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911 vendor-advisory, x_refsource_SLACKWARE
https://bugzilla.mozilla.org/show_bug.cgi?id=402347 x_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484 vendor-advisory, x_refsource_SLACKWARE
http://www.debian.org/security/2008/dsa-1615 vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/483960/100/100/threaded mailing-list, x_refsource_BUGTRAQ
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/31220 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31195 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/483929/100/100/threaded mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/31076 third-party-advisory, x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2008/mfsa2008-31.html x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-619-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/30911 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=327181 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0569.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/30878 third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1621 vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/494080/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1018979 vdb-entry, x_refsource_SECTRACK
http://nils.toedtmann.net/pub/subjectAltName.txt x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/43524 vdb-entry, x_refsource_XF
http://secunia.com/advisories/31286 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/34501 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:136 vendor-advisory, x_refsource_MANDRIVA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:14:14.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2008:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
          },
          {
            "name": "RHSA-2008:0549",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
          },
          {
            "name": "DSA-1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1697"
          },
          {
            "name": "31021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31021"
          },
          {
            "name": "30898",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30898"
          },
          {
            "name": "31403",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31403"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2646"
          },
          {
            "name": "30949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30949"
          },
          {
            "name": "SSA:2008-191-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
          },
          {
            "name": "ADV-2009-0977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0977"
          },
          {
            "name": "31069",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31069"
          },
          {
            "name": "31008",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31008"
          },
          {
            "name": "31377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31377"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
          },
          {
            "name": "RHSA-2008:0616",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
          },
          {
            "name": "3498",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3498"
          },
          {
            "name": "ADV-2008-1993",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1993/references"
          },
          {
            "name": "31023",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31023"
          },
          {
            "name": "MDVSA-2008:155",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
          },
          {
            "name": "30038",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30038"
          },
          {
            "name": "DSA-1607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1607"
          },
          {
            "name": "GLSA-200808-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
          },
          {
            "name": "31005",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31005"
          },
          {
            "name": "33433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33433"
          },
          {
            "name": "FEDORA-2008-6127",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
          },
          {
            "name": "1020419",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020419"
          },
          {
            "name": "31253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
          },
          {
            "name": "FEDORA-2008-6737",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
          },
          {
            "name": "31183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31183"
          },
          {
            "name": "30903",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30903"
          },
          {
            "name": "RHSA-2008:0547",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
          },
          {
            "name": "FEDORA-2008-6193",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
          },
          {
            "name": "USN-629-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-629-1"
          },
          {
            "name": "256408",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
          },
          {
            "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
          },
          {
            "name": "SSA:2008-191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
          },
          {
            "name": "SSA:2008-210-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
          },
          {
            "name": "DSA-1615",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1615"
          },
          {
            "name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
          },
          {
            "name": "FEDORA-2008-6706",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
          },
          {
            "name": "31220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31220"
          },
          {
            "name": "31195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31195"
          },
          {
            "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:10205",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
          },
          {
            "name": "31076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
          },
          {
            "name": "USN-619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-619-1"
          },
          {
            "name": "30911",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30911"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
          },
          {
            "name": "RHSA-2008:0569",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
          },
          {
            "name": "30878",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30878"
          },
          {
            "name": "DSA-1621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1621"
          },
          {
            "name": "20080708 rPSA-2008-0216-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
          },
          {
            "name": "1018979",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018979"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://nils.toedtmann.net/pub/subjectAltName.txt"
          },
          {
            "name": "mozilla-altnames-spoofing(43524)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
          },
          {
            "name": "31286",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31286"
          },
          {
            "name": "FEDORA-2008-6196",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
          },
          {
            "name": "34501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34501"
          },
          {
            "name": "MDVSA-2008:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SA:2008:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
        },
        {
          "name": "RHSA-2008:0549",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
        },
        {
          "name": "DSA-1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1697"
        },
        {
          "name": "31021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31021"
        },
        {
          "name": "30898",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30898"
        },
        {
          "name": "31403",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31403"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2646"
        },
        {
          "name": "30949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30949"
        },
        {
          "name": "SSA:2008-191-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
        },
        {
          "name": "ADV-2009-0977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0977"
        },
        {
          "name": "31069",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31069"
        },
        {
          "name": "31008",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31008"
        },
        {
          "name": "31377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31377"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
        },
        {
          "name": "RHSA-2008:0616",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
        },
        {
          "name": "3498",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3498"
        },
        {
          "name": "ADV-2008-1993",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1993/references"
        },
        {
          "name": "31023",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31023"
        },
        {
          "name": "MDVSA-2008:155",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
        },
        {
          "name": "30038",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30038"
        },
        {
          "name": "DSA-1607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1607"
        },
        {
          "name": "GLSA-200808-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
        },
        {
          "name": "31005",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31005"
        },
        {
          "name": "33433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33433"
        },
        {
          "name": "FEDORA-2008-6127",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
        },
        {
          "name": "1020419",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020419"
        },
        {
          "name": "31253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
        },
        {
          "name": "FEDORA-2008-6737",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
        },
        {
          "name": "31183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31183"
        },
        {
          "name": "30903",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30903"
        },
        {
          "name": "RHSA-2008:0547",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
        },
        {
          "name": "FEDORA-2008-6193",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
        },
        {
          "name": "USN-629-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-629-1"
        },
        {
          "name": "256408",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
        },
        {
          "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
        },
        {
          "name": "SSA:2008-191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
        },
        {
          "name": "SSA:2008-210-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
        },
        {
          "name": "DSA-1615",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1615"
        },
        {
          "name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
        },
        {
          "name": "FEDORA-2008-6706",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
        },
        {
          "name": "31220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31220"
        },
        {
          "name": "31195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31195"
        },
        {
          "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:10205",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
        },
        {
          "name": "31076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
        },
        {
          "name": "USN-619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-619-1"
        },
        {
          "name": "30911",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30911"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
        },
        {
          "name": "RHSA-2008:0569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
        },
        {
          "name": "30878",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30878"
        },
        {
          "name": "DSA-1621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1621"
        },
        {
          "name": "20080708 rPSA-2008-0216-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
        },
        {
          "name": "1018979",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018979"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://nils.toedtmann.net/pub/subjectAltName.txt"
        },
        {
          "name": "mozilla-altnames-spoofing(43524)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
        },
        {
          "name": "31286",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31286"
        },
        {
          "name": "FEDORA-2008-6196",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
        },
        {
          "name": "34501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34501"
        },
        {
          "name": "MDVSA-2008:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-2809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2008:034",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
            },
            {
              "name": "RHSA-2008:0549",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
            },
            {
              "name": "DSA-1697",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1697"
            },
            {
              "name": "31021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31021"
            },
            {
              "name": "30898",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30898"
            },
            {
              "name": "31403",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31403"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2646",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2646"
            },
            {
              "name": "30949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30949"
            },
            {
              "name": "SSA:2008-191-03",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
            },
            {
              "name": "ADV-2009-0977",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0977"
            },
            {
              "name": "31069",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31069"
            },
            {
              "name": "31008",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31008"
            },
            {
              "name": "31377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31377"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
            },
            {
              "name": "RHSA-2008:0616",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
            },
            {
              "name": "3498",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3498"
            },
            {
              "name": "ADV-2008-1993",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1993/references"
            },
            {
              "name": "31023",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31023"
            },
            {
              "name": "MDVSA-2008:155",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
            },
            {
              "name": "30038",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30038"
            },
            {
              "name": "DSA-1607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1607"
            },
            {
              "name": "GLSA-200808-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
            },
            {
              "name": "31005",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31005"
            },
            {
              "name": "33433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33433"
            },
            {
              "name": "FEDORA-2008-6127",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
            },
            {
              "name": "1020419",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020419"
            },
            {
              "name": "31253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31253"
            },
            {
              "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
            },
            {
              "name": "FEDORA-2008-6737",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
            },
            {
              "name": "31183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31183"
            },
            {
              "name": "30903",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30903"
            },
            {
              "name": "RHSA-2008:0547",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
            },
            {
              "name": "FEDORA-2008-6193",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
            },
            {
              "name": "USN-629-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-629-1"
            },
            {
              "name": "256408",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
            },
            {
              "name": "20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
            },
            {
              "name": "SSA:2008-191",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
            },
            {
              "name": "SSA:2008-210-05",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
            },
            {
              "name": "DSA-1615",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1615"
            },
            {
              "name": "20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
            },
            {
              "name": "FEDORA-2008-6706",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
            },
            {
              "name": "31220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31220"
            },
            {
              "name": "31195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31195"
            },
            {
              "name": "20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:10205",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
            },
            {
              "name": "31076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31076"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
            },
            {
              "name": "USN-619-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-619-1"
            },
            {
              "name": "30911",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30911"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
            },
            {
              "name": "RHSA-2008:0569",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
            },
            {
              "name": "30878",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30878"
            },
            {
              "name": "DSA-1621",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1621"
            },
            {
              "name": "20080708 rPSA-2008-0216-1 firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
            },
            {
              "name": "1018979",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018979"
            },
            {
              "name": "http://nils.toedtmann.net/pub/subjectAltName.txt",
              "refsource": "MISC",
              "url": "http://nils.toedtmann.net/pub/subjectAltName.txt"
            },
            {
              "name": "mozilla-altnames-spoofing(43524)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
            },
            {
              "name": "31286",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31286"
            },
            {
              "name": "FEDORA-2008-6196",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
            },
            {
              "name": "34501",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34501"
            },
            {
              "name": "MDVSA-2008:136",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2809",
    "datePublished": "2008-07-08T23:00:00",
    "dateReserved": "2008-06-20T00:00:00",
    "dateUpdated": "2024-08-07T09:14:14.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0354 (GCVE-0-2002-0354)
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 02:49
Severity ?
CWE
  • n/a
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
References
http://marc.info/?l=bugtraq&m=102017952204097&w=2 mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=ntbugtraq&m=102020343728766&w=2 mailing-list, x_refsource_NTBUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:49:27.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2"
          },
          {
            "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
            "tags": [
              "mailing-list",
              "x_refsource_NTBUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2"
        },
        {
          "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
          "tags": [
            "mailing-list",
            "x_refsource_NTBUGTRAQ"
          ],
          "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2"
            },
            {
              "name": "20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
              "refsource": "NTBUGTRAQ",
              "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0354",
    "datePublished": "2002-05-03T04:00:00",
    "dateReserved": "2002-05-01T00:00:00",
    "dateUpdated": "2024-08-08T02:49:27.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-6077 (GCVE-0-2006-6077)
Vulnerability from cvelistv5
Published
2006-11-24 17:00
Modified
2024-08-07 20:12
Severity ?
CWE
  • n/a
Summary
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
References
http://www.redhat.com/support/errata/RHSA-2007-0078.html vendor-advisory, x_refsource_REDHAT
http://www.info-svc.com/news/11-21-2006/rcsr1/ x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/24395 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/461336/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/24328 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0108.html vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200703-04.xml vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/452440/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/23046 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24384 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/452431/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/455073/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/24457 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470 vdb-entry, x_refsource_XF
http://secunia.com/advisories/24343 third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2007/dsa-1336 vendor-advisory, x_refsource_DEBIAN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1017271 vdb-entry, x_refsource_SECTRACK
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0718 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/454982/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/24650 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-428-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/24320 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25588 third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1103 x_refsource_CONFIRM
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/452463/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/461809/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/24293 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24238 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24393 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24342 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24287 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/452382/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/455148/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/23108 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/21240 vdb-entry, x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=360493 x_refsource_CONFIRM
http://www.securityfocus.com/bid/22694 vdb-entry, x_refsource_BID
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 vendor-advisory, x_refsource_HP
http://fedoranews.org/cms/node/2713 vendor-advisory, x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2007-0097.html vendor-advisory, x_refsource_REDHAT
http://fedoranews.org/cms/node/2728 vendor-advisory, x_refsource_FEDORA
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc vendor-advisory, x_refsource_SGI
http://secunia.com/advisories/24205 third-party-advisory, x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1081 x_refsource_CONFIRM
http://secunia.com/advisories/24333 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4662 vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/24290 third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2007-0077.html vendor-advisory, x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc vendor-advisory, x_refsource_SGI
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 vendor-advisory, x_refsource_SLACKWARE
http://www.redhat.com/support/errata/RHSA-2007-0079.html vendor-advisory, x_refsource_REDHAT
http://www.info-svc.com/news/11-21-2006/ x_refsource_MISC
http://secunia.com/advisories/24437 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:12:31.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
          },
          {
            "name": "oval:org.mitre.oval:def:10031",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
          },
          {
            "name": "24395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24395"
          },
          {
            "name": "20070226 rPSA-2007-0040-1 firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
          },
          {
            "name": "24328",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24328"
          },
          {
            "name": "RHSA-2007:0108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
          },
          {
            "name": "GLSA-200703-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
          },
          {
            "name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
          },
          {
            "name": "GLSA-200703-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
          },
          {
            "name": "23046",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23046"
          },
          {
            "name": "24384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24384"
          },
          {
            "name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
          },
          {
            "name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
          },
          {
            "name": "24457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24457"
          },
          {
            "name": "firefox-passwordmgr-information-disclosure(30470)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
          },
          {
            "name": "24343",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24343"
          },
          {
            "name": "DSA-1336",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1336"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "1017271",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
          },
          {
            "name": "ADV-2007-0718",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0718"
          },
          {
            "name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
          },
          {
            "name": "24650",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24650"
          },
          {
            "name": "USN-428-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-428-1"
          },
          {
            "name": "24320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24320"
          },
          {
            "name": "25588",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25588"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1103"
          },
          {
            "name": "SUSE-SA:2007:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
          },
          {
            "name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
          },
          {
            "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
          },
          {
            "name": "SUSE-SA:2007:022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
          },
          {
            "name": "24293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24293"
          },
          {
            "name": "24238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24238"
          },
          {
            "name": "24393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24393"
          },
          {
            "name": "24342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24342"
          },
          {
            "name": "24287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24287"
          },
          {
            "name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
          },
          {
            "name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
          },
          {
            "name": "23108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23108"
          },
          {
            "name": "21240",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
          },
          {
            "name": "22694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22694"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "FEDORA-2007-281",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2713"
          },
          {
            "name": "RHSA-2007:0097",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
          },
          {
            "name": "FEDORA-2007-293",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://fedoranews.org/cms/node/2728"
          },
          {
            "name": "20070301-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
          },
          {
            "name": "24205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1081"
          },
          {
            "name": "24333",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24333"
          },
          {
            "name": "ADV-2006-4662",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4662"
          },
          {
            "name": "MDKSA-2007:050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
          },
          {
            "name": "24290",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24290"
          },
          {
            "name": "RHSA-2007:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
          },
          {
            "name": "20070202-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
          },
          {
            "name": "SSA:2007-066-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
          },
          {
            "name": "RHSA-2007:0079",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.info-svc.com/news/11-21-2006/"
          },
          {
            "name": "24437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24437"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
        },
        {
          "name": "oval:org.mitre.oval:def:10031",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
        },
        {
          "name": "24395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24395"
        },
        {
          "name": "20070226 rPSA-2007-0040-1 firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
        },
        {
          "name": "24328",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24328"
        },
        {
          "name": "RHSA-2007:0108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
        },
        {
          "name": "GLSA-200703-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
        },
        {
          "name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
        },
        {
          "name": "GLSA-200703-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
        },
        {
          "name": "23046",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23046"
        },
        {
          "name": "24384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24384"
        },
        {
          "name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
        },
        {
          "name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
        },
        {
          "name": "24457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24457"
        },
        {
          "name": "firefox-passwordmgr-information-disclosure(30470)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
        },
        {
          "name": "24343",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24343"
        },
        {
          "name": "DSA-1336",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1336"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "1017271",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
        },
        {
          "name": "ADV-2007-0718",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0718"
        },
        {
          "name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
        },
        {
          "name": "24650",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24650"
        },
        {
          "name": "USN-428-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-428-1"
        },
        {
          "name": "24320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24320"
        },
        {
          "name": "25588",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25588"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1103"
        },
        {
          "name": "SUSE-SA:2007:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
        },
        {
          "name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
        },
        {
          "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
        },
        {
          "name": "SUSE-SA:2007:022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
        },
        {
          "name": "24293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24293"
        },
        {
          "name": "24238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24238"
        },
        {
          "name": "24393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24393"
        },
        {
          "name": "24342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24342"
        },
        {
          "name": "24287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24287"
        },
        {
          "name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
        },
        {
          "name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
        },
        {
          "name": "23108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23108"
        },
        {
          "name": "21240",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
        },
        {
          "name": "22694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22694"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "FEDORA-2007-281",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2713"
        },
        {
          "name": "RHSA-2007:0097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
        },
        {
          "name": "FEDORA-2007-293",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://fedoranews.org/cms/node/2728"
        },
        {
          "name": "20070301-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
        },
        {
          "name": "24205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1081"
        },
        {
          "name": "24333",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24333"
        },
        {
          "name": "ADV-2006-4662",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4662"
        },
        {
          "name": "MDKSA-2007:050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
        },
        {
          "name": "24290",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24290"
        },
        {
          "name": "RHSA-2007:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
        },
        {
          "name": "20070202-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
        },
        {
          "name": "SSA:2007-066-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
        },
        {
          "name": "RHSA-2007:0079",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.info-svc.com/news/11-21-2006/"
        },
        {
          "name": "24437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24437"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-6077",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0078",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
            },
            {
              "name": "http://www.info-svc.com/news/11-21-2006/rcsr1/",
              "refsource": "MISC",
              "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
            },
            {
              "name": "oval:org.mitre.oval:def:10031",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
            },
            {
              "name": "24395",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24395"
            },
            {
              "name": "20070226 rPSA-2007-0040-1 firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
            },
            {
              "name": "24328",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24328"
            },
            {
              "name": "RHSA-2007:0108",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
            },
            {
              "name": "GLSA-200703-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
            },
            {
              "name": "20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
            },
            {
              "name": "GLSA-200703-08",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
            },
            {
              "name": "23046",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23046"
            },
            {
              "name": "24384",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24384"
            },
            {
              "name": "20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
            },
            {
              "name": "20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
            },
            {
              "name": "24457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24457"
            },
            {
              "name": "firefox-passwordmgr-information-disclosure(30470)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
            },
            {
              "name": "24343",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24343"
            },
            {
              "name": "DSA-1336",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1336"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "1017271",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017271"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
            },
            {
              "name": "ADV-2007-0718",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0718"
            },
            {
              "name": "20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
            },
            {
              "name": "24650",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24650"
            },
            {
              "name": "USN-428-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-428-1"
            },
            {
              "name": "24320",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24320"
            },
            {
              "name": "25588",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25588"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1103",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1103"
            },
            {
              "name": "SUSE-SA:2007:019",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
            },
            {
              "name": "20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
            },
            {
              "name": "20070303 rPSA-2007-0040-3 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
            },
            {
              "name": "SUSE-SA:2007:022",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
            },
            {
              "name": "24293",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24293"
            },
            {
              "name": "24238",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24238"
            },
            {
              "name": "24393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24393"
            },
            {
              "name": "24342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24342"
            },
            {
              "name": "24287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24287"
            },
            {
              "name": "20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
            },
            {
              "name": "20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
            },
            {
              "name": "23108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23108"
            },
            {
              "name": "21240",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21240"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
            },
            {
              "name": "22694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22694"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "FEDORA-2007-281",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2713"
            },
            {
              "name": "RHSA-2007:0097",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
            },
            {
              "name": "FEDORA-2007-293",
              "refsource": "FEDORA",
              "url": "http://fedoranews.org/cms/node/2728"
            },
            {
              "name": "20070301-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
            },
            {
              "name": "24205",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24205"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1081",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1081"
            },
            {
              "name": "24333",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24333"
            },
            {
              "name": "ADV-2006-4662",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4662"
            },
            {
              "name": "MDKSA-2007:050",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
            },
            {
              "name": "24290",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24290"
            },
            {
              "name": "RHSA-2007:0077",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
            },
            {
              "name": "20070202-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
            },
            {
              "name": "SSA:2007-066-05",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
            },
            {
              "name": "RHSA-2007:0079",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
            },
            {
              "name": "http://www.info-svc.com/news/11-21-2006/",
              "refsource": "MISC",
              "url": "http://www.info-svc.com/news/11-21-2006/"
            },
            {
              "name": "24437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24437"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-6077",
    "datePublished": "2006-11-24T17:00:00",
    "dateReserved": "2006-11-24T00:00:00",
    "dateUpdated": "2024-08-07T20:12:31.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1265 (GCVE-0-2003-1265)
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-08 02:19
Severity ?
CWE
  • n/a
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:19:46.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html"
          },
          {
            "name": "1005871",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1005871"
          },
          {
            "name": "6499",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6499"
          },
          {
            "name": "netscape-email-deletion-failure(10963)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10963.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the \u0027Empty Trash\u0027 option, which could allow local users to access deleted messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-03-11T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html"
        },
        {
          "name": "1005871",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1005871"
        },
        {
          "name": "6499",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6499"
        },
        {
          "name": "netscape-email-deletion-failure(10963)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10963.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the \u0027Empty Trash\u0027 option, which could allow local users to access deleted messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html"
            },
            {
              "name": "1005871",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1005871"
            },
            {
              "name": "6499",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6499"
            },
            {
              "name": "netscape-email-deletion-failure(10963)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10963.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1265",
    "datePublished": "2005-11-16T07:37:00",
    "dateReserved": "2005-11-16T00:00:00",
    "dateUpdated": "2024-08-08T02:19:46.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4253 (GCVE-0-2006-4253)
Vulnerability from cvelistv5
Published
2006-08-21 20:00
Modified
2024-08-07 19:06
Severity ?
CWE
  • n/a
Summary
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
References
http://www.securityfocus.com/archive/1/448956/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/443500/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1016847 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/22391 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3748 vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2006-0676.html vendor-advisory, x_refsource_REDHAT
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html x_refsource_CONFIRM
http://lcamtuf.coredump.cx/ffoxdie.html x_refsource_MISC
http://secunia.com/advisories/22055 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22195 third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528 vdb-entry, signature, x_refsource_OVAL
http://www.ubuntu.com/usn/usn-352-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/21513 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21950 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-351-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/22025 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22056 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/443020/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22210 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24711 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200610-04.xml vendor-advisory, x_refsource_GENTOO
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm x_refsource_CONFIRM
http://www.pianetapc.it/view.php?id=770 x_refsource_MISC
http://www.vupen.com/english/advisories/2008/0083 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/443528/100/0/threaded mailing-list, x_refsource_BUGTRAQ
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc vendor-advisory, x_refsource_SGI
http://secunia.com/advisories/21939 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016848 vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3617 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21915 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/1198 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/447837/100/200/threaded mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2006-0677.html vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200609-19.xml vendor-advisory, x_refsource_GENTOO
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/448984/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22274 third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0675.html vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/21940 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22001 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/446140/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.ubuntu.com/usn/usn-350-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/21906 third-party-advisory, x_refsource_SECUNIA
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/449245/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://security.gentoo.org/glsa/glsa-200610-01.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/22074 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22066 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22088 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/443306/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/21949 third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html vendor-advisory, x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=348514 x_refsource_CONFIRM
http://www.securityfocus.com/bid/19534 vdb-entry, x_refsource_BID
https://issues.rpath.com/browse/RPL-640 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/447840/100/200/threaded mailing-list, x_refsource_BUGTRAQ
http://lcamtuf.coredump.cx/ffoxdie3.html x_refsource_MISC
http://www.securityfocus.com/archive/1/449726/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22036 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016846 vdb-entry, x_refsource_SECTRACK
http://www.ubuntu.com/usn/usn-354-1 vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/19488 vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/449487/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/22422 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 vendor-advisory, x_refsource_MANDRIVA
http://www.securiteam.com/securitynews/5VP0M0AJFW.html x_refsource_MISC
http://secunia.com/advisories/21916 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061017 Flaw in Firefox 2.0 RC2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
          },
          {
            "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
          },
          {
            "name": "1016847",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016847"
          },
          {
            "name": "22391",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22391"
          },
          {
            "name": "ADV-2006-3748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "RHSA-2006:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
          },
          {
            "name": "22055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22055"
          },
          {
            "name": "22195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22195"
          },
          {
            "name": "oval:org.mitre.oval:def:9528",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
          },
          {
            "name": "USN-352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-352-1"
          },
          {
            "name": "21513",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21513"
          },
          {
            "name": "21950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21950"
          },
          {
            "name": "USN-351-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-351-1"
          },
          {
            "name": "22025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22025"
          },
          {
            "name": "22056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22056"
          },
          {
            "name": "MDKSA-2006:168",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
          },
          {
            "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
          },
          {
            "name": "22210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22210"
          },
          {
            "name": "24711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24711"
          },
          {
            "name": "GLSA-200610-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.pianetapc.it/view.php?id=770"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21939"
          },
          {
            "name": "1016848",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016848"
          },
          {
            "name": "ADV-2006-3617",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3617"
          },
          {
            "name": "21915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21915"
          },
          {
            "name": "ADV-2007-1198",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1198"
          },
          {
            "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
          },
          {
            "name": "RHSA-2006:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
          },
          {
            "name": "GLSA-200609-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "20061017 Re: Flaw in Firefox 2.0 RC2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
          },
          {
            "name": "22274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22274"
          },
          {
            "name": "RHSA-2006:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
          },
          {
            "name": "21940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21940"
          },
          {
            "name": "22001",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22001"
          },
          {
            "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
          },
          {
            "name": "USN-350-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-350-1"
          },
          {
            "name": "21906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21906"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "20061019 Re: Flaw in Firefox 2.0 RC2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
          },
          {
            "name": "GLSA-200610-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
          },
          {
            "name": "22074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22074"
          },
          {
            "name": "22066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "22088",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22088"
          },
          {
            "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
          },
          {
            "name": "21949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21949"
          },
          {
            "name": "SUSE-SA:2006:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
          },
          {
            "name": "19534",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-640"
          },
          {
            "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
          },
          {
            "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "1016846",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016846"
          },
          {
            "name": "USN-354-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-354-1"
          },
          {
            "name": "19488",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19488"
          },
          {
            "name": "20061023 Flaw in Firefox 2.0 Final",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
          },
          {
            "name": "22422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22422"
          },
          {
            "name": "MDKSA-2006:169",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
          },
          {
            "name": "21916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061017 Flaw in Firefox 2.0 RC2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
        },
        {
          "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
        },
        {
          "name": "1016847",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016847"
        },
        {
          "name": "22391",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22391"
        },
        {
          "name": "ADV-2006-3748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3748"
        },
        {
          "name": "RHSA-2006:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
        },
        {
          "name": "22055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22055"
        },
        {
          "name": "22195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22195"
        },
        {
          "name": "oval:org.mitre.oval:def:9528",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
        },
        {
          "name": "USN-352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-352-1"
        },
        {
          "name": "21513",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21513"
        },
        {
          "name": "21950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21950"
        },
        {
          "name": "USN-351-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-351-1"
        },
        {
          "name": "22025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22025"
        },
        {
          "name": "22056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22056"
        },
        {
          "name": "MDKSA-2006:168",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
        },
        {
          "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
        },
        {
          "name": "22210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22210"
        },
        {
          "name": "24711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24711"
        },
        {
          "name": "GLSA-200610-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.pianetapc.it/view.php?id=770"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21939"
        },
        {
          "name": "1016848",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016848"
        },
        {
          "name": "ADV-2006-3617",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3617"
        },
        {
          "name": "21915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21915"
        },
        {
          "name": "ADV-2007-1198",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1198"
        },
        {
          "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
        },
        {
          "name": "RHSA-2006:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
        },
        {
          "name": "GLSA-200609-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "20061017 Re: Flaw in Firefox 2.0 RC2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
        },
        {
          "name": "22274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22274"
        },
        {
          "name": "RHSA-2006:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
        },
        {
          "name": "21940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21940"
        },
        {
          "name": "22001",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22001"
        },
        {
          "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
        },
        {
          "name": "USN-350-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-350-1"
        },
        {
          "name": "21906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21906"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "20061019 Re: Flaw in Firefox 2.0 RC2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
        },
        {
          "name": "GLSA-200610-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
        },
        {
          "name": "22074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22074"
        },
        {
          "name": "22066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22066"
        },
        {
          "name": "22088",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22088"
        },
        {
          "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
        },
        {
          "name": "21949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21949"
        },
        {
          "name": "SUSE-SA:2006:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
        },
        {
          "name": "19534",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-640"
        },
        {
          "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
        },
        {
          "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "1016846",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016846"
        },
        {
          "name": "USN-354-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-354-1"
        },
        {
          "name": "19488",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19488"
        },
        {
          "name": "20061023 Flaw in Firefox 2.0 Final",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
        },
        {
          "name": "22422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22422"
        },
        {
          "name": "MDKSA-2006:169",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
        },
        {
          "name": "21916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061017 Flaw in Firefox 2.0 RC2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
            },
            {
              "name": "20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
            },
            {
              "name": "1016847",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016847"
            },
            {
              "name": "22391",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22391"
            },
            {
              "name": "ADV-2006-3748",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3748"
            },
            {
              "name": "RHSA-2006:0676",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
            },
            {
              "name": "http://lcamtuf.coredump.cx/ffoxdie.html",
              "refsource": "MISC",
              "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
            },
            {
              "name": "22055",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22055"
            },
            {
              "name": "22195",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22195"
            },
            {
              "name": "oval:org.mitre.oval:def:9528",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
            },
            {
              "name": "USN-352-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-352-1"
            },
            {
              "name": "21513",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21513"
            },
            {
              "name": "21950",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21950"
            },
            {
              "name": "USN-351-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-351-1"
            },
            {
              "name": "22025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22025"
            },
            {
              "name": "22056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22056"
            },
            {
              "name": "MDKSA-2006:168",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
            },
            {
              "name": "20060812 Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
            },
            {
              "name": "22210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22210"
            },
            {
              "name": "24711",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24711"
            },
            {
              "name": "GLSA-200610-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
            },
            {
              "name": "http://www.pianetapc.it/view.php?id=770",
              "refsource": "MISC",
              "url": "http://www.pianetapc.it/view.php?id=770"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "21939",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21939"
            },
            {
              "name": "1016848",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016848"
            },
            {
              "name": "ADV-2006-3617",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3617"
            },
            {
              "name": "21915",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21915"
            },
            {
              "name": "ADV-2007-1198",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1198"
            },
            {
              "name": "20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
            },
            {
              "name": "RHSA-2006:0677",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
            },
            {
              "name": "GLSA-200609-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
            },
            {
              "name": "20061017 Re: Flaw in Firefox 2.0 RC2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
            },
            {
              "name": "22274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22274"
            },
            {
              "name": "RHSA-2006:0675",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
            },
            {
              "name": "21940",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21940"
            },
            {
              "name": "22001",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22001"
            },
            {
              "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
            },
            {
              "name": "USN-350-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-350-1"
            },
            {
              "name": "21906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21906"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
            },
            {
              "name": "20061019 Re: Flaw in Firefox 2.0 RC2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
            },
            {
              "name": "GLSA-200610-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
            },
            {
              "name": "22074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22074"
            },
            {
              "name": "22066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22066"
            },
            {
              "name": "22088",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22088"
            },
            {
              "name": "20060815 Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
            },
            {
              "name": "21949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21949"
            },
            {
              "name": "SUSE-SA:2006:054",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
            },
            {
              "name": "19534",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19534"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-640",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-640"
            },
            {
              "name": "20061005 Re: Concurrency-related vulnerabilities in browsers - expect problems",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
            },
            {
              "name": "http://lcamtuf.coredump.cx/ffoxdie3.html",
              "refsource": "MISC",
              "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
            },
            {
              "name": "20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "1016846",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016846"
            },
            {
              "name": "USN-354-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-354-1"
            },
            {
              "name": "19488",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19488"
            },
            {
              "name": "20061023 Flaw in Firefox 2.0 Final",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
            },
            {
              "name": "22422",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22422"
            },
            {
              "name": "MDKSA-2006:169",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
            },
            {
              "name": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html",
              "refsource": "MISC",
              "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
            },
            {
              "name": "21916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4253",
    "datePublished": "2006-08-21T20:00:00",
    "dateReserved": "2006-08-21T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0594 (GCVE-0-2002-0594)
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
CWE
  • n/a
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2002:490",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
          },
          {
            "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/270249"
          },
          {
            "name": "mozilla-css-files-exist(8977)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8977.php"
          },
          {
            "name": "RHSA-2003:046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
          },
          {
            "name": "4640",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4640"
          },
          {
            "name": "RHSA-2002:192",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2002:490",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
        },
        {
          "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/270249"
        },
        {
          "name": "mozilla-css-files-exist(8977)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8977.php"
        },
        {
          "name": "RHSA-2003:046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
        },
        {
          "name": "4640",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4640"
        },
        {
          "name": "RHSA-2002:192",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2002:490",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
            },
            {
              "name": "20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/270249"
            },
            {
              "name": "mozilla-css-files-exist(8977)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8977.php"
            },
            {
              "name": "RHSA-2003:046",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
            },
            {
              "name": "4640",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4640"
            },
            {
              "name": "RHSA-2002:192",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0594",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-06-11T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1942 (GCVE-0-2006-1942)
Vulnerability from cvelistv5
Published
2006-04-20 22:00
Modified
2024-08-07 17:27
Severity ?
CWE
  • n/a
Summary
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
References
http://secunia.com/advisories/21176 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/3748 vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/24713 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/19698 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/431267/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/20063 third-party-advisory, x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/25925 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/433138/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.networksecurity.fi/advisories/netscape-view-image.html x_refsource_MISC
http://www.securityfocus.com/archive/1/435795/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/20376 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016202 vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/18228 vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2008/0083 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/446658/100/200/threaded vendor-advisory, x_refsource_HP
http://www.debian.org/security/2006/dsa-1118 vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/446658/100/200/threaded vendor-advisory, x_refsource_HP
http://www.debian.org/security/2006/dsa-1120 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/19988 third-party-advisory, x_refsource_SECUNIA
http://www.gavinsharp.com/tmp/ImageVuln.html x_refsource_MISC
http://www.debian.org/security/2006/dsa-1134 vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/21324 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21183 third-party-advisory, x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=334341 x_refsource_CONFIRM
http://secunia.com/advisories/22066 third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2006/2106 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/433539/30/5070/threaded mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:27:29.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21176",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21176"
          },
          {
            "name": "ADV-2006-3748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "24713",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24713"
          },
          {
            "name": "19698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19698"
          },
          {
            "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
          },
          {
            "name": "20063",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
          },
          {
            "name": "firefox-viewimage-security-bypass(25925)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
          },
          {
            "name": "20060505 Firefox 1.5.0.3 code execution exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html"
          },
          {
            "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
          },
          {
            "name": "20376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20376"
          },
          {
            "name": "1016202",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016202"
          },
          {
            "name": "18228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18228"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
          },
          {
            "name": "DSA-1118",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1118"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
          },
          {
            "name": "DSA-1120",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1120"
          },
          {
            "name": "19988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19988"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gavinsharp.com/tmp/ImageVuln.html"
          },
          {
            "name": "DSA-1134",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1134"
          },
          {
            "name": "21324",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21324"
          },
          {
            "name": "21183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
          },
          {
            "name": "22066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "SUSE-SA:2006:035",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
          },
          {
            "name": "ADV-2006-2106",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2106"
          },
          {
            "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21176",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21176"
        },
        {
          "name": "ADV-2006-3748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3748"
        },
        {
          "name": "24713",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24713"
        },
        {
          "name": "19698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19698"
        },
        {
          "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
        },
        {
          "name": "20063",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
        },
        {
          "name": "firefox-viewimage-security-bypass(25925)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
        },
        {
          "name": "20060505 Firefox 1.5.0.3 code execution exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html"
        },
        {
          "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
        },
        {
          "name": "20376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20376"
        },
        {
          "name": "1016202",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016202"
        },
        {
          "name": "18228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18228"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
        },
        {
          "name": "DSA-1118",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1118"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
        },
        {
          "name": "DSA-1120",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1120"
        },
        {
          "name": "19988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19988"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gavinsharp.com/tmp/ImageVuln.html"
        },
        {
          "name": "DSA-1134",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1134"
        },
        {
          "name": "21324",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21324"
        },
        {
          "name": "21183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
        },
        {
          "name": "22066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22066"
        },
        {
          "name": "SUSE-SA:2006:035",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
        },
        {
          "name": "ADV-2006-2106",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2106"
        },
        {
          "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21176",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21176"
            },
            {
              "name": "ADV-2006-3748",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3748"
            },
            {
              "name": "24713",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24713"
            },
            {
              "name": "19698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19698"
            },
            {
              "name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
            },
            {
              "name": "20063",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20063"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
            },
            {
              "name": "firefox-viewimage-security-bypass(25925)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
            },
            {
              "name": "20060505 Firefox 1.5.0.3 code execution exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
            },
            {
              "name": "http://www.networksecurity.fi/advisories/netscape-view-image.html",
              "refsource": "MISC",
              "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html"
            },
            {
              "name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
            },
            {
              "name": "20376",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20376"
            },
            {
              "name": "1016202",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016202"
            },
            {
              "name": "18228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18228"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
            },
            {
              "name": "DSA-1118",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1118"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
            },
            {
              "name": "DSA-1120",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1120"
            },
            {
              "name": "19988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19988"
            },
            {
              "name": "http://www.gavinsharp.com/tmp/ImageVuln.html",
              "refsource": "MISC",
              "url": "http://www.gavinsharp.com/tmp/ImageVuln.html"
            },
            {
              "name": "DSA-1134",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1134"
            },
            {
              "name": "21324",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21324"
            },
            {
              "name": "21183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21183"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
            },
            {
              "name": "22066",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22066"
            },
            {
              "name": "SUSE-SA:2006:035",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
            },
            {
              "name": "ADV-2006-2106",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2106"
            },
            {
              "name": "20060507 Re: Firefox 1.5.0.3 code execution exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1942",
    "datePublished": "2006-04-20T22:00:00",
    "dateReserved": "2006-04-20T00:00:00",
    "dateUpdated": "2024-08-07T17:27:29.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-1999-0762 (GCVE-0-1999-0762)
Vulnerability from cvelistv5
Published
2000-01-04 05:00
Modified
2024-08-01 16:48
Severity ?
CWE
  • n/a
Summary
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:48:37.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the \"about\" protocol to gain access to browser information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T07:56:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the \"about\" protocol to gain access to browser information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0762",
    "datePublished": "2000-01-04T05:00:00",
    "dateReserved": "1999-11-25T00:00:00",
    "dateUpdated": "2024-08-01T16:48:37.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-1492 (GCVE-0-2003-1492)
Vulnerability from cvelistv5
Published
2007-10-24 23:00
Modified
2024-08-08 02:28
Severity ?
CWE
  • n/a
Summary
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:28:03.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030429 \"netscape navigator\" is cracked.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/319919"
          },
          {
            "name": "7456",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7456"
          },
          {
            "name": "netscape-domain-obtain-info(11924)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030429 \"netscape navigator\" is cracked.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/319919"
        },
        {
          "name": "7456",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/7456"
        },
        {
          "name": "netscape-domain-obtain-info(11924)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-1492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030429 \"netscape navigator\" is cracked.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/319919"
            },
            {
              "name": "7456",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/7456"
            },
            {
              "name": "netscape-domain-obtain-info(11924)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-1492",
    "datePublished": "2007-10-24T23:00:00",
    "dateReserved": "2007-10-24T00:00:00",
    "dateUpdated": "2024-08-08T02:28:03.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-1091 (GCVE-0-2002-1091)
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
CWE
  • n/a
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:12:17.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
          },
          {
            "name": "5665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5665"
          },
          {
            "name": "MDKSA-2002:075",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
          },
          {
            "name": "RHSA-2002:192",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
          },
          {
            "name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
          },
          {
            "name": "netscape-zero-gif-bo(10058)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10058.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
        },
        {
          "name": "5665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5665"
        },
        {
          "name": "MDKSA-2002:075",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
        },
        {
          "name": "RHSA-2002:192",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
        },
        {
          "name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
        },
        {
          "name": "netscape-zero-gif-bo(10058)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10058.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:046",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
            },
            {
              "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
            },
            {
              "name": "5665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5665"
            },
            {
              "name": "MDKSA-2002:075",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
            },
            {
              "name": "http://crash.ihug.co.nz/~Sneuro/zerogif/",
              "refsource": "MISC",
              "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
            },
            {
              "name": "RHSA-2002:192",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
            },
            {
              "name": "20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
            },
            {
              "name": "netscape-zero-gif-bo(10058)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10058.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1091",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-09-06T00:00:00",
    "dateUpdated": "2024-08-08T03:12:17.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2002-11-29 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en el mont\u00edculo (heap) en Netscape y Mozilla permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una URL de tipo jar: que referencia a un fichero .jar malformado, lo que desborda un b\u00fafer durante la descompresi\u00f3n."
    }
  ],
  "id": "CVE-2002-1308",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-11-29T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6185"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103730181813075\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-162.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-163.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10636"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
Impacted products
Vendor Product Version
mozilla mozilla *
netscape navigator 6.2.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3AB0749-167A-4975-863B-DCF368AA4F9C",
              "versionEndIncluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel."
    }
  ],
  "id": "CVE-2002-2061",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.iss.net/security_center/static/9287.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.iss.net/security_center/static/9287.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
      "lastModified": "2006-08-30T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F00276-9071-4B96-B49C-2E0898476874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB84CC9B-346B-4AF4-929E-D56D85960103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B711600-425F-4FF9-BC5E-B8D182A2B9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F6328B-44A8-4E45-918E-C54285040BFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "529E3F71-6016-461D-A162-0DBDD5505389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D02C4D-3FD1-425F-B0DB-7808089BCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "61268CF9-E279-4F63-B228-F9ED4B93BB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "918BE44C-8D64-4040-BC74-802AA3FA4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA534C4-9411-44EC-AA34-2287C79AD235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4E8588-A941-4759-B41C-00F193F2C63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E48C051-EB45-4262-86C2-2333FD5C7745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA48AF1E-99EF-419C-B425-001C7134C6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97DE00F-4C73-4C54-918E-D540F2C3297B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A07AD2-2293-443A-9A32-316B832A5276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A823994-786D-41D7-9FA7-FF8058C4AFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "ACAB9169-BC6E-49CF-9A00-3F3054677B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
    }
  ],
  "id": "CVE-2002-2338",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/1/276628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9343.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/276946"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/5002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/1/276628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9343.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/276946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/5002"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-08-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
Impacted products
Vendor Product Version
netscape navigator 7.0.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el plugin de la Herramienta de Detecci\u00f3n de cliente (CDT) (npcdt.dll) de Netscape 7.02 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un adjunto con un nombre de fichero largo."
    }
  ],
  "id": "CVE-2003-0553",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-08-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105820193406838\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-06-07 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://lcamtuf.coredump.cx/focusbug/
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.htmlExploit
cve@mitre.orghttp://lists.virus.org/full-disclosure-0702/msg00225.html
cve@mitre.orghttp://secunia.com/advisories/20442Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20467Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20470Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20472Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21532Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27298Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27335Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27383Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27387Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27403Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/27414Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/1059
cve@mitre.orghttp://securitytracker.com/id?1018837
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
cve@mitre.orghttp://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
cve@mitre.orghttp://www.gnucitizen.org/blog/browser-focus-rip
cve@mitre.orghttp://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:143
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:145
cve@mitre.orghttp://www.mozilla.org/security/announce/2007/mfsa2007-32.html
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_57_mozilla.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/482876/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/482925/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/482932/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/18308
cve@mitre.orghttp://www.thanhngan.org/fflinuxversion.html
cve@mitre.orghttp://www.ubuntu.com/usn/usn-536-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2160Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2162Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2163Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2164Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3544Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0083Vendor Advisory
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=290478
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=370092
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=56236
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1858
cve@mitre.orghttps://usn.ubuntu.com/535-1/
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://lcamtuf.coredump.cx/focusbug/
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://lists.virus.org/full-disclosure-0702/msg00225.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20442Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20467Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20470Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20472Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21532Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27298Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27335Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27383Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27387Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27403Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27414Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1059
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018837
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
af854a3a-2127-422b-91ae-364da2661108http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/blog/browser-focus-rip
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482876/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482925/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482932/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18308
af854a3a-2127-422b-91ae-364da2661108http://www.thanhngan.org/fflinuxversion.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-536-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2160Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2162Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2163Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2164Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3544Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0083Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=290478
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=370092
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=56236
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1858
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/535-1/
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9189789A-4D83-4C47-8890-A437AE39A0E4",
              "versionEndIncluding": "2.0.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla_suite:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0CE9DF-4E6A-4ABE-965F-7C34690ABED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F8C75-4934-453B-B502-8D0B6E9873EA",
              "versionEndIncluding": "1.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB53CEA-68CC-44DA-B61F-7E0126FD3DD6",
              "versionEndIncluding": "8.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
    }
  ],
  "id": "CVE-2006-2894",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-07T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lcamtuf.coredump.cx/focusbug/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20442"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20467"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20470"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27298"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27335"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27383"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27387"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27403"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27414"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018837"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/browser-focus-rip"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.thanhngan.org/fflinuxversion.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-536-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2162"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2163"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2164"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3544"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1858"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/535-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lcamtuf.coredump.cx/focusbug/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/browser-focus-rip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.thanhngan.org/fflinuxversion.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-536-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/535-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-10 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
Impacted products
Vendor Product Version
adobe acrobat_reader 8.0
mozilla firefox 2.0.0.3
netscape navigator *
opera opera_browser 9.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "996EB48E-D2A8-49E4-915A-EBDE26A9FB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera:opera_browser:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81B22949-5B71-457E-9AF3-6F9D168F9F79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236."
    },
    {
      "lang": "es",
      "value": "AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, \u00f3 Opera, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236."
    }
  ],
  "id": "CVE-2007-1377",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-10T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22856"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/22856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32896"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-20 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Impacted products
Vendor Product Version
netscape navigator 6
netscape navigator 8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55DBDE7-91BA-43CD-9E1F-52737CA93EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "220BE0F1-EFFC-4BE0-8B5D-42FB6865EE33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692."
    },
    {
      "lang": "es",
      "value": "Netscape v6 y v8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante un valor entero grande en la propiedad \"length\" de un objeto \"Select\", siendo un asunto relacionado con CVE-2009-1692."
    }
  ],
  "id": "CVE-2009-2542",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-20T18:30:01.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/9160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/9160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52876"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.orghttp://secunia.com/advisories/14820Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/14821Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/19823Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1013635Exploit
cve@mitre.orghttp://securitytracker.com/id?1013643Exploit
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.mozilla.org/security/announce/mfsa2005-33.htmlVendor Advisory
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_04_25.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-384.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2005-601.html
cve@mitre.orghttp://www.securityfocus.com/bid/12988
cve@mitre.orghttp://www.securityfocus.com/bid/15495
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=288688
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14820Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14821Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19823Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013635Exploit
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013643Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/mfsa2005-33.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_04_25.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-601.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/12988
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=288688
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706
Impacted products
Vendor Product Version
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla mozilla 1.7.6
netscape navigator 7.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method."
    }
  ],
  "id": "CVE-2005-0989",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14820"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14821"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1013635"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1013643"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/12988"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1013635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1013643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/mfsa2005-33.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-601.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/12988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=288688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11706"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.orghttp://bugzilla.mozilla.org/show_bug.cgi?id=236618
cve@mitre.orghttp://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.orghttp://www.securityfocus.com/bid/15495
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/16862
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.mozilla.org/show_bug.cgi?id=236618
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/16862
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378
Impacted products
Vendor Product Version
mozilla mozilla 1.6
netscape navigator 7.0
netscape navigator 7.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en el constructor de objeto SOAPParameter en (1) Netscape version 7.0 y 7.1 y (2) Mozilla 1.6, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2004-0722",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=236618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.idefense.com/application/poi/display?id=117\u0026type=vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-09-14 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
References
cve@mitre.orghttp://bugzilla.mozilla.org/show_bug.cgi?id=250862Patch, Vendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200409-26.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/651928Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3Vendor Advisory
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_36_mozilla.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/11177Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-261A.htmlPatch, Third Party Advisory, US Government Resource
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17374
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.mozilla.org/show_bug.cgi?id=250862Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200409-26.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/651928Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_36_mozilla.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11177Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-261A.htmlPatch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17374
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E60BCC-6D1C-489E-9F3B-9BE42B46704F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "C795D86F-9B08-41FE-B82B-5BBB3DE6357D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "2637D552-4A3D-4867-B52A-ACCED8681AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC237C8-CFE0-4128-B549-93CD16894E71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "367A5D46-0FF3-4140-9478-251363822E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8DE4889-424F-4A44-8C14-9F18821CE961",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
              "matchCriteriaId": "1003D688-3EEA-45F9-BB2C-5BAB395D7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
              "matchCriteriaId": "05853955-CA81-40D3-9A70-1227F3270D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
              "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*",
              "matchCriteriaId": "C7EAAD04-D7C4-43DE-B488-1AAD014B503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain."
    }
  ],
  "id": "CVE-2004-0905",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-09-14T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/651928"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11177"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/651928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1999-03-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CFEB93-B230-473E-A6D0-73CA0C48CB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "60AA08F1-9932-404D-830E-E6D126FC732B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FBC98E-49CF-48F1-9206-DDE8166AA8E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "E57BB283-31F4-487A-87CA-A251BFC5133C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4D5F1E-DD1B-4CCE-B16D-05AB2DEBCB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "E20267FF-FCF8-42BF-9CF1-127FF856C6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EC6F62-37FF-46DD-997C-A4D77182BBEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5904FD1-9806-4C73-A4E8-98C1F8F078EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "431D7EED-1152-4245-92B9-023A4AC88EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BBF8B2-8378-4CA3-B8D4-4ED5D7B8A674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3EFA3B-5DE7-40D0-960D-283491163E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
    }
  ],
  "id": "CVE-1999-0440",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1999-03-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1939"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:galeon:galeon_browser:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E89FB22-EF04-446F-AF36-44878AB57AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:galeon:galeon_browser:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "184CDE30-30DE-49F5-A44D-36CA3852BF12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect."
    }
  ],
  "id": "CVE-2002-0594",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-06-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/270249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/8977.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/270249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/8977.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-11-24 17:07
Modified
2025-04-09 00:30
Severity ?
Summary
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
cve@mitre.orghttp://fedoranews.org/cms/node/2713
cve@mitre.orghttp://fedoranews.org/cms/node/2728
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2007-0077.html
cve@mitre.orghttp://secunia.com/advisories/23046Exploit, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23108
cve@mitre.orghttp://secunia.com/advisories/24205
cve@mitre.orghttp://secunia.com/advisories/24238
cve@mitre.orghttp://secunia.com/advisories/24287
cve@mitre.orghttp://secunia.com/advisories/24290
cve@mitre.orghttp://secunia.com/advisories/24293
cve@mitre.orghttp://secunia.com/advisories/24320
cve@mitre.orghttp://secunia.com/advisories/24328
cve@mitre.orghttp://secunia.com/advisories/24333
cve@mitre.orghttp://secunia.com/advisories/24342
cve@mitre.orghttp://secunia.com/advisories/24343
cve@mitre.orghttp://secunia.com/advisories/24384
cve@mitre.orghttp://secunia.com/advisories/24393
cve@mitre.orghttp://secunia.com/advisories/24395
cve@mitre.orghttp://secunia.com/advisories/24437
cve@mitre.orghttp://secunia.com/advisories/24457
cve@mitre.orghttp://secunia.com/advisories/24650
cve@mitre.orghttp://secunia.com/advisories/25588
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200703-04.xml
cve@mitre.orghttp://securitytracker.com/id?1017271Exploit
cve@mitre.orghttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1336
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
cve@mitre.orghttp://www.info-svc.com/news/11-21-2006/Exploit
cve@mitre.orghttp://www.info-svc.com/news/11-21-2006/rcsr1/
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:050
cve@mitre.orghttp://www.mozilla.org/security/announce/2007/mfsa2007-02.html
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_22_mozilla.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0078.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0079.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0097.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0108.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/452382/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/452431/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/452440/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/452463/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/454982/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455073/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455148/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/461336/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/461809/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/21240Exploit
cve@mitre.orghttp://www.securityfocus.com/bid/22694
cve@mitre.orghttp://www.ubuntu.com/usn/usn-428-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4662
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0718
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=360493Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/30470
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1081
cve@mitre.orghttps://issues.rpath.com/browse/RPL-1103
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/cms/node/2713
af854a3a-2127-422b-91ae-364da2661108http://fedoranews.org/cms/node/2728
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2007-0077.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23046Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23108
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24205
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24238
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24287
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24290
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24293
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24320
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24328
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24333
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24342
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24343
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24384
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24393
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24395
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24437
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24457
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24650
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25588
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200703-04.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017271Exploit
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1336
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
af854a3a-2127-422b-91ae-364da2661108http://www.info-svc.com/news/11-21-2006/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.info-svc.com/news/11-21-2006/rcsr1/
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0078.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0079.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0097.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0108.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/452382/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/452431/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/452440/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/452463/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/454982/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455073/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455148/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/461336/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/461809/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21240Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22694
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-428-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4662
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0718
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=360493Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1081
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1103
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
Impacted products
Vendor Product Version
mozilla firefox *
mozilla firefox 1.5
mozilla firefox 1.5
mozilla firefox 1.5
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 2.0
netscape navigator 8.1.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD89DF1B-8235-41DE-97C5-A3D039B0C3E7",
              "versionEndIncluding": "1.5.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3523E6B8-3498-4D46-9C8B-31D572263388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password."
    },
    {
      "lang": "es",
      "value": "El (1) Password Manager en Mozilla Firefox 2.0, y 1.5.0.8 y anteriores; y el (2) Passcard Manager en Netscape 8.1.2 y posiblemente otras versiones, no verifican correctamente que una ACTION URL en un elemento FORM contiene una contrase\u00f1a (elemento INPUT) que encaja con el sitio web para lo cual el usuario almacena una contrase\u00f1a, lo cual permite a un atacante remoto obtener contrase\u00f1as a trav\u00e9s de la contrase\u00f1a (elemento INPUT) sobre un p\u00e1gina web diferente localizada sobre un sitio web previsto para esta contrase\u00f1a."
    }
  ],
  "id": "CVE-2006-6077",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-24T17:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/cms/node/2713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://fedoranews.org/cms/node/2728"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23046"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23108"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24205"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24238"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24287"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24290"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24293"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24320"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24328"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24333"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24342"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24343"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24384"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24393"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24395"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24437"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24650"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25588"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1017271"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.info-svc.com/news/11-21-2006/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21240"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22694"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-428-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4662"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0718"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1081"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1103"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fedoranews.org/cms/node/2728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200703-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1017271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.info-svc.com/news/11-21-2006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.info-svc.com/news/11-21-2006/rcsr1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452382/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452431/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452440/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452463/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/454982/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455073/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455148/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/21240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-428-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=360493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-04-20 22:02
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
References
cve@mitre.orghttp://secunia.com/advisories/19698Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/19988Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20063Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20376Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21176Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21183Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21324Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22066Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1016202
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1118
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1120
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1134
cve@mitre.orghttp://www.gavinsharp.com/tmp/ImageVuln.htmlPatch
cve@mitre.orghttp://www.mozilla.org/security/announce/2006/mfsa2006-39.htmlVendor Advisory
cve@mitre.orghttp://www.networksecurity.fi/advisories/netscape-view-image.htmlVendor Advisory
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_35_mozilla.html
cve@mitre.orghttp://www.osvdb.org/24713
cve@mitre.orghttp://www.securityfocus.com/archive/1/431267/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/433138/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/433539/30/5070/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/435795/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/446658/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/446658/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/18228
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2106Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3748Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0083Vendor Advisory
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=334341
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/25925
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19698Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19988Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20063Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20376Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21176Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21183Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21324Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22066Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016202
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1118
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1120
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1134
af854a3a-2127-422b-91ae-364da2661108http://www.gavinsharp.com/tmp/ImageVuln.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-39.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.networksecurity.fi/advisories/netscape-view-image.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/24713
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/431267/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/433138/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/433539/30/5070/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/435795/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446658/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446658/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18228
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2106Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3748Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0083Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=334341
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/25925
Impacted products
Vendor Product Version
k-meleon_project k-meleon 0.9.13
mozilla firefox 1.5.0.2
netscape navigator 7.2
netscape navigator 8.0.40
netscape navigator 8.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F05337-F4CB-4829-A086-1164CAC34BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "4877D2D7-139E-4582-B023-53E1E1E1D124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\""
    }
  ],
  "id": "CVE-2006-1942",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-04-20T22:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20063"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21176"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21183"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21324"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016202"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1118"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1120"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1134"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gavinsharp.com/tmp/ImageVuln.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18228"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2106"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gavinsharp.com/tmp/ImageVuln.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.networksecurity.fi/advisories/netscape-view-image.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-21 20:04
Modified
2025-04-03 01:03
Severity ?
Summary
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
cve@mitre.orghttp://lcamtuf.coredump.cx/ffoxdie.html
cve@mitre.orghttp://lcamtuf.coredump.cx/ffoxdie3.html
cve@mitre.orghttp://secunia.com/advisories/21513Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21906Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21915Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21916Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21939Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21940Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21949Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21950Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22001Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22025Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22036Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22055Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22056
cve@mitre.orghttp://secunia.com/advisories/22066
cve@mitre.orghttp://secunia.com/advisories/22074Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22088Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22195
cve@mitre.orghttp://secunia.com/advisories/22210Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22274Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22391Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22422Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24711
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200609-19.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200610-01.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200610-04.xml
cve@mitre.orghttp://securitytracker.com/id?1016846
cve@mitre.orghttp://securitytracker.com/id?1016847
cve@mitre.orghttp://securitytracker.com/id?1016848
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:168
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:169
cve@mitre.orghttp://www.mozilla.org/security/announce/2006/mfsa2006-59.html
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_54_mozilla.html
cve@mitre.orghttp://www.pianetapc.it/view.php?id=770URL Repurposed
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0675.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0676.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0677.html
cve@mitre.orghttp://www.securiteam.com/securitynews/5VP0M0AJFW.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/443020/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443306/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443500/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443528/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/446140/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/447837/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/447840/100/200/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/448956/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/448984/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449245/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449487/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449726/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19488
cve@mitre.orghttp://www.securityfocus.com/bid/19534
cve@mitre.orghttp://www.ubuntu.com/usn/usn-350-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-351-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-352-1
cve@mitre.orghttp://www.ubuntu.com/usn/usn-354-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3617
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3748
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1198
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0083
cve@mitre.orghttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
cve@mitre.orghttp://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=348514
cve@mitre.orghttps://issues.rpath.com/browse/RPL-640
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
af854a3a-2127-422b-91ae-364da2661108http://lcamtuf.coredump.cx/ffoxdie.html
af854a3a-2127-422b-91ae-364da2661108http://lcamtuf.coredump.cx/ffoxdie3.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21513Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21906Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21915Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21916Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21939Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21940Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21949Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21950Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22001Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22025Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22036Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22055Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22056
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22066
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22074Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22088Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22195
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22210Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22274Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22391Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22422Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24711
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200609-19.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200610-01.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200610-04.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016846
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016847
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016848
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.pianetapc.it/view.php?id=770URL Repurposed
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0675.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0676.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0677.html
af854a3a-2127-422b-91ae-364da2661108http://www.securiteam.com/securitynews/5VP0M0AJFW.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443020/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443306/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443500/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443528/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446140/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/447837/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/447840/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/448956/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/448984/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449245/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449487/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449726/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19488
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19534
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-350-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-351-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-352-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-354-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3617
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3748
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1198
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0083
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
af854a3a-2127-422b-91ae-364da2661108http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=348514
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-640
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1EAAD01-C770-446C-916F-66782953AF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de concurrencia en Mozilla Firefox 1.5.0.6 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante m\u00faltiples eventos Javascript temporizados que cargan un archivo XML profundamente anidado, seguido por una redirecci\u00f3n del navegador hacia ora p\u00e1gina, lo cual lleva a un fallo de concurencia que provoca que se liberen estructuras incorrectamente, como ha sido demostrado por (1) ffoxdie y (2) ffoxdie3. NOTA: se ha reportado que Netscape 8.1 y K-Meleaon 1.0.1 tambi\u00e9n se han visto afectados por ffoxdie. Mozilla confirm\u00f3 a CVE que ffoxdie y ffoxdie3 disparan la misma vulnerabilidad subyacente. NOTA: se ha reportado posteriormente que Firefox 2.0 RC2 y 1.5.0.7 tambi\u00e9n est\u00e1n afectados."
    }
  ],
  "id": "CVE-2006-4253",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-21T20:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21513"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22391"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016846"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016847"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016848"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.pianetapc.it/view.php?id=770"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19488"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lcamtuf.coredump.cx/ffoxdie.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lcamtuf.coredump.cx/ffoxdie3.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-59.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "URL Repurposed"
      ],
      "url": "http://www.pianetapc.it/view.php?id=770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securiteam.com/securitynews/5VP0M0AJFW.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443020/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443306/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443500/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443528/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447837/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447840/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/448956/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/448984/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449245/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449487/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449726/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=348514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Impacted products
Vendor Product Version
netscape navigator 7.0
netscape navigator 7.0.2
netscape navigator 7.1
netscape navigator 7.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the \"window injection\" vulnerability."
    }
  ],
  "id": "CVE-2004-1160",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-10T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13402/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/secunia_research/2004-13/advisory/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13402/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/secunia_research/2004-13/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11852"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1996-03-29 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
Impacted products
Vendor Product Version
netscape navigator 2.02



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:2.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1BDF4E-F2B7-48A6-A276-2C69BEAD932A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet."
    }
  ],
  "id": "CVE-1999-0141",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "1996-03-29T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll\u0026doc=secbull/134"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1999-05-24 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
Impacted products
Vendor Product Version
netscape communicator 4.6
netscape communicator 4.x
netscape navigator *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:windows_95:*:*:*:*:*",
              "matchCriteriaId": "2120677E-C560-408F-93C0-13A9CEEF0565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.x:*:*:*:*:*:*:*",
              "matchCriteriaId": "93E61D1F-588C-4B84-B5CA-8AB68AE4DF1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the \"about\" protocol to gain access to browser information."
    }
  ],
  "id": "CVE-1999-0762",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "1999-05-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B316E0-4A05-411A-8279-404C82288BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91D7920-86E6-4842-897A-553F018AD493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36889B90-FD18-4A5A-A732-788240E10FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F49659B4-2878-4D31-BCB8-11CA38D6FA8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0615E0B9-EFCF-4CDD-81E3-0E351DEB2C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "964BC1D9-10D2-4064-A0AD-5DD6E6A568E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width."
    }
  ],
  "id": "CVE-2002-1091",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-10-04T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10058.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=157989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://crash.ihug.co.nz/~Sneuro/zerogif/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103134051120770\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10058.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5665"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1999-11-24 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
Impacted products
Vendor Product Version
netscape communicator 4.7
netscape navigator 4.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2AE46C7-6538-4DE6-B3EA-81AD7F7C43E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file."
    }
  ],
  "id": "CVE-1999-1189",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1999-11-24T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/36306"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/36608"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/822"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/36306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/36608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7884"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-07-08 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
secalert@redhat.comhttp://nils.toedtmann.net/pub/subjectAltName.txt
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2008-0616.html
secalert@redhat.comhttp://secunia.com/advisories/30878
secalert@redhat.comhttp://secunia.com/advisories/30898
secalert@redhat.comhttp://secunia.com/advisories/30903
secalert@redhat.comhttp://secunia.com/advisories/30911Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/30949
secalert@redhat.comhttp://secunia.com/advisories/31005
secalert@redhat.comhttp://secunia.com/advisories/31008
secalert@redhat.comhttp://secunia.com/advisories/31021
secalert@redhat.comhttp://secunia.com/advisories/31023
secalert@redhat.comhttp://secunia.com/advisories/31069
secalert@redhat.comhttp://secunia.com/advisories/31076
secalert@redhat.comhttp://secunia.com/advisories/31183
secalert@redhat.comhttp://secunia.com/advisories/31195
secalert@redhat.comhttp://secunia.com/advisories/31220
secalert@redhat.comhttp://secunia.com/advisories/31253
secalert@redhat.comhttp://secunia.com/advisories/31286
secalert@redhat.comhttp://secunia.com/advisories/31377
secalert@redhat.comhttp://secunia.com/advisories/31403
secalert@redhat.comhttp://secunia.com/advisories/33433
secalert@redhat.comhttp://secunia.com/advisories/34501
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-200808-03.xml
secalert@redhat.comhttp://securityreason.com/securityalert/3498
secalert@redhat.comhttp://securitytracker.com/id?1018979
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
secalert@redhat.comhttp://wiki.rpath.com/Advisories:rPSA-2008-0216
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1607
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1615
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1621
secalert@redhat.comhttp://www.debian.org/security/2009/dsa-1697
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:136
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:155
secalert@redhat.comhttp://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
secalert@redhat.comhttp://www.mozilla.org/security/announce/2008/mfsa2008-31.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0547.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0549.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0569.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/483929/100/100/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/483937/100/100/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/483960/100/100/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/494080/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/30038
secalert@redhat.comhttp://www.securitytracker.com/id?1020419
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-619-1
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-629-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/1993/references
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0977
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=240261
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=327181
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=402347
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/43524
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-2646
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://nils.toedtmann.net/pub/subjectAltName.txt
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2008-0616.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30878
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30898
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30903
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30911Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30949
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31005
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31008
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31021
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31023
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31069
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31076
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31183
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31195
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31220
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31253
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31286
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31377
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31403
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33433
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34501
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200808-03.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3498
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018979
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2008-0216
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1607
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1615
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1621
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1697
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:136
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0547.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0549.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0569.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/483929/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/483937/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/483960/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30038
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020419
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-619-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-629-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1993/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0977
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=240261
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=327181
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=402347
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/43524
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2646
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html
Impacted products
Vendor Product Version
mozilla firefox 2.0.0.1
mozilla firefox 2.0.0.2
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.4
mozilla firefox 2.0.0.5
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.7
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.14
mozilla geckb *
mozilla seamonkey *
mozilla seamonkey 1.1.5
netscape navigator 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6121F9C1-F4DF-4AAB-9E51-AC1592AA5639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D44634-A0B5-4F05-8983-B08D392EC742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4105171B-9C90-4ABF-B220-A35E7BA9EE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20985549-DB24-4B69-9D40-208A47AE658E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "612B015E-9F96-4CE6-83E4-23848FD609E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:geckb:*:m8:*:*:*:*:*:*",
              "matchCriteriaId": "1AE6FF40-5C89-47F1-928C-7BC7DB7A57F3",
              "versionEndIncluding": "1.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E9314D-0D23-4572-9956-D2E8B53540B1",
              "versionEndIncluding": "1.0.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "76AD0439-3BFB-4AD1-8E2C-99D0B099FA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE436EA-9F65-4B62-A11D-B102F5E5E9FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site."
    },
    {
      "lang": "es",
      "value": "Mozilla 1.9 M8 y anteriores, Mozilla Firefox 2 y anteriores a 2.0.0.15, SeaMonkey 1.1.5 y otras versiones anteriores a 1.1.10, Netscape 9.0, y otras navegadores basados en Mozilla, cuando un usuario aceptar un certificado SSL de servidor sobre las bases del nombre de dominio CN en el campo DN, considerando que el certificado es tambi\u00e9n aceptado por todos los nombres de dominio en el campo subjectAltName:dNSName, el cual hace m\u00e1s f\u00e1cil a los atacantes remotos enga\u00f1ar a un usuario aceptando un certificado no v\u00e1lido para una p\u00e1gina web falsa."
    }
  ],
  "id": "CVE-2008-2809",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-07-08T23:41:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://nils.toedtmann.net/pub/subjectAltName.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30878"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30898"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30903"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30911"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/30949"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31008"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31021"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31069"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31076"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31183"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31220"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31253"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31286"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31377"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/31403"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/33433"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34501"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/3498"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1018979"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1607"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1615"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2008/dsa-1621"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1697"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/30038"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1020419"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-619-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-629-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/1993/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/0977"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-2646"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://nils.toedtmann.net/pub/subjectAltName.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.383152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.384911"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.410484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-31.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483929/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483937/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483960/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-619-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-629-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1993/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=240261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=327181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=402347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
Impacted products
Vendor Product Version
netscape navigator 7.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
    },
    {
      "lang": "es",
      "value": "Netscape Navigator 7.1 permite a atacantes remotos suplantar URL leg\u00edtimas en la barra de estado mediante etiquetas A HREF con valores \"alt\" modificados que apuntan al sitio leg\u00edtimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantaci\u00f3n para robo de datos (phising)\"."
    }
  ],
  "id": "CVE-2004-0528",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6580"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10389"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
Impacted products
Vendor Product Version
netscape navigator 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function."
    }
  ],
  "id": "CVE-2003-1419",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/6959"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/6959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-12-09 15:03
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
cve@mitre.orghttp://marc.info/?l=full-disclosure&m=113404911919629&w=2
cve@mitre.orghttp://marc.info/?l=full-disclosure&m=113405896025702&w=2
cve@mitre.orghttp://secunia.com/advisories/17934Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/17944Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/17946Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/18700
cve@mitre.orghttp://secunia.com/advisories/18704
cve@mitre.orghttp://secunia.com/advisories/18705
cve@mitre.orghttp://secunia.com/advisories/18706
cve@mitre.orghttp://secunia.com/advisories/18708
cve@mitre.orghttp://secunia.com/advisories/18709
cve@mitre.orghttp://secunia.com/advisories/19230
cve@mitre.orghttp://secunia.com/advisories/19746
cve@mitre.orghttp://secunia.com/advisories/19759
cve@mitre.orghttp://secunia.com/advisories/19852
cve@mitre.orghttp://secunia.com/advisories/19862
cve@mitre.orghttp://secunia.com/advisories/19863
cve@mitre.orghttp://secunia.com/advisories/19902
cve@mitre.orghttp://secunia.com/advisories/19941
cve@mitre.orghttp://secunia.com/advisories/21033
cve@mitre.orghttp://secunia.com/advisories/21622
cve@mitre.orghttp://securitytracker.com/id?1015328
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1044
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1046
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1051
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:036
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:037
cve@mitre.orghttp://www.mozilla.org/security/announce/mfsa2006-03.html
cve@mitre.orghttp://www.mozilla.org/security/history-title.html
cve@mitre.orghttp://www.networksecurity.fi/advisories/netscape-history.html
cve@mitre.orghttp://www.osvdb.org/21533
cve@mitre.orghttp://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
cve@mitre.orghttp://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0199.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0200.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/425975/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/425978/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/438730/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/438730/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/15773
cve@mitre.orghttp://www.securityfocus.com/bid/16476
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/2805
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/0413
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3391
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619
cve@mitre.orghttps://usn.ubuntu.com/271-1/
cve@mitre.orghttps://usn.ubuntu.com/275-1/
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=full-disclosure&m=113404911919629&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=full-disclosure&m=113405896025702&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17934Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17944Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17946Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18700
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18704
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18705
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18706
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18708
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18709
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19230
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19746
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19759
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19852
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19862
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19863
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19902
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19941
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21033
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21622
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015328
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1044
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1046
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1051
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/mfsa2006-03.html
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/history-title.html
af854a3a-2127-422b-91ae-364da2661108http://www.networksecurity.fi/advisories/netscape-history.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/21533
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0199.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0200.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/425975/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/425978/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/438730/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/438730/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15773
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16476
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2805
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0413
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3391
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/271-1/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/275-1/



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC0A29B9-A7D3-4A5A-B21A-D701D0A10C76",
              "versionEndIncluding": "0.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "328AFACF-FDA7-4FB5-A85E-4F349453301F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.7_service_pack_1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCDD160-5239-47C5-AE7D-6060FB6E0037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A07303-9E74-4409-9853-8EC283734B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6CAF6A-4E33-444F-B2DF-A270428B8C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD39C88-D4B7-4F7D-81AC-F99A143B82E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC40790-BCBF-4609-A7DC-5659B2233B7B",
              "versionEndIncluding": "1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9D2443-9389-42B0-BF93-3ADC1B7325EC",
              "versionEndIncluding": "1.7.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F337E57D-2918-4141-8842-A9D58DB922E5",
              "versionEndIncluding": "8.0.40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.  Also, it has been independently reported that Netscape 8.1 does not have this issue."
    }
  ],
  "evaluatorSolution": "This issue was fixed in K-Meleon version 0.9.12.",
  "id": "CVE-2005-4134",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-09T15:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17934"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17944"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18700"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18704"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18706"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18708"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18709"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19230"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19759"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19852"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19862"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19902"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19941"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21033"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015328"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1044"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1046"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/history-title.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.networksecurity.fi/advisories/netscape-history.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/21533"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15773"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16476"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2805"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/0413"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3391"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/271-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/275-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113404911919629\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=113405896025702\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/history-title.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.networksecurity.fi/advisories/netscape-history.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/21533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/0413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/271-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/275-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F00276-9071-4B96-B49C-2E0898476874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB84CC9B-346B-4AF4-929E-D56D85960103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "209C7BB1-EFDF-43AB-9FB6-DF67465DEAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B711600-425F-4FF9-BC5E-B8D182A2B9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9A5461-B0F2-49DB-A69C-3D2D27709647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "213EB326-33D1-4329-A6BB-B1AA1C626E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F6328B-44A8-4E45-918E-C54285040BFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "529E3F71-6016-461D-A162-0DBDD5505389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D02C4D-3FD1-425F-B0DB-7808089BCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "61268CF9-E279-4F63-B228-F9ED4B93BB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "918BE44C-8D64-4040-BC74-802AA3FA4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA534C4-9411-44EC-AA34-2287C79AD235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4E8588-A941-4759-B41C-00F193F2C63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E48C051-EB45-4262-86C2-2333FD5C7745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA48AF1E-99EF-419C-B425-001C7134C6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97DE00F-4C73-4C54-918E-D540F2C3297B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A07AD2-2293-443A-9A32-316B832A5276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A823994-786D-41D7-9FA7-FF8058C4AFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4613823-DA14-4BE2-986C-2EED3DB82BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA4FBB90-8A52-41B4-B08A-53A86CF56898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain."
    }
  ],
  "id": "CVE-2002-2013",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.iss.net/security_center/static/7973.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/3925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.iss.net/security_center/static/7973.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/3925"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
      "lastModified": "2006-08-30T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
Impacted products
Vendor Product Version
mozilla mozilla 0.9.7
mozilla mozilla 0.9.9
mozilla mozilla 1.0
mozilla mozilla 1.0
mozilla mozilla 1.0
netscape navigator 6.1
netscape navigator 6.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "347AB95F-166E-449A-82D7-BEC10257E0D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F112CED-879B-4A19-993A-16858B4EC16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D7FA24-4B6F-4D67-95BE-46819033CA6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property."
    }
  ],
  "id": "CVE-2002-0354",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-06-25T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102017952204097\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=102020343728766\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1996-03-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
Impacted products
Vendor Product Version
netscape navigator *
sun java *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DDA9F90-5D16-4E04-B285-D32C362279C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
    }
  ],
  "id": "CVE-1999-0142",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "1996-03-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-21 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
Impacted products
Vendor Product Version
microsoft internet_explorer *
netscape navigator 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:9.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "25A764C3-EA07-4125-8456-554E1D12155F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.  NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE\u0027s opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de argumento en Microsoft Internet Explorer, cuando se ejecuta en sistemas con Netscape instalado y determinadas URIs registradas, permite a atacantes remotos conducir ataques de secuencia de comandos en cruce de navegadores y ejecutar comandos de su elecci\u00f3n mediante metacaracteres de consola en un argumento -chrome en la URI navigatorurl, que son insertados en la l\u00ednea de comandos que se crea cuando se invoca netscape.exe, un asunto similar en CVE-2007-3670.\r\nNOTA: Se ha debatido si este asunto se produce en Explorer \u00f3 Netscape. En la fecha 20070713, la opini\u00f3n de CVE es que IE parece no delimitar apropiadamente el argumento del URL cuando se invoca Netscape; este asunto podr\u00eda aparecer con otros gestores de protocolos en IE.\r\n"
    }
  ],
  "id": "CVE-2007-3924",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-21T00:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26082"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sla.ckers.org/forum/read.php?3%2C13732%2C13739"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
References
secalert@redhat.comftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.comhttp://secunia.com/advisories/14938Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/14992Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/14996Patch, Vendor Advisory
secalert@redhat.comhttp://securitytracker.com/id?1013745Patch
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.mikx.de/firesearching/Exploit
secalert@redhat.comhttp://www.mozilla.org/security/announce/mfsa2005-38.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/13211Exploit, Patch
secalert@redhat.comhttp://www.securityfocus.com/bid/15495
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=290037Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/20125
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14938Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14992Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14996Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013745Patch
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200504-18.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mikx.de/firesearching/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/mfsa2005-38.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/13211Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=290037Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "407F69BE-4026-4B26-AC31-11E7CC942760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "2FEC6B13-3088-4ECB-9D81-6480F439601C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "20ECA520-780A-4EF8-8C80-B7564F4148B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D093FD25-94C8-49B8-A452-438023BFB105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C883B45F-D28D-428E-AAF7-F93522A229DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\""
    }
  ],
  "id": "CVE-2005-1156",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14938"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14992"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14996"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013745"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mikx.de/firesearching/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13211"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mikx.de/firesearching/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1998-12-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62AC866-A06F-47DB-AEDF-E345CE0B14A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing."
    }
  ],
  "id": "CVE-1999-0869",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "1998-12-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
1999-11-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:4.0:a_mac_os:*:*:*:*:*:*",
              "matchCriteriaId": "35AA9DC0-0694-48FC-8652-831DFAB29226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBF9241-A175-438C-A793-3D245BE2AE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "943D5C5C-FC49-4EDE-AE75-A79CFF42208E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EB6841-0427-479B-8771-06DF62EE3C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8873A08F-D4C7-46FC-8FE5-972644F85ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B26CE22-E730-4247-853E-5E640DB3ECB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D09FC21-1170-4399-8378-1D8353689C76",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By default, Internet Explorer 5.0 and other versions enables the \"Navigate sub-frames across different domains\" option, which allows frame spoofing."
    }
  ],
  "id": "CVE-1999-0827",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "1999-11-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0827"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
Impacted products
Vendor Product Version
mozilla mozilla 5.0
netscape navigator 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35FB74FC-4614-4325-9249-0DC887FD6C34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the \u0027Empty Trash\u0027 option, which could allow local users to access deleted messages."
    }
  ],
  "id": "CVE-2003-1265",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/10963.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6499"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1005871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/10963.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1005871"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-05-26 01:06
Modified
2025-04-03 01:03
Severity ?
Summary
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
References
cve@mitre.orghttp://secunia.com/advisories/20244Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20255Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/20256Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21532Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/960
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:143
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:145
cve@mitre.orghttp://www.securityfocus.com/archive/1/434696/100/0/threaded
cve@mitre.orghttps://bugzilla.mozilla.org/attachment.cgi?id=164547Exploit
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=267645Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/26667
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20244Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20255Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20256Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21532Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/960
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/434696/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/attachment.cgi?id=164547Exploit
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=267645Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/26667
Impacted products
Vendor Product Version
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla mozilla_suite 1.7.13
netscape navigator 7.2
netscape navigator 8.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla_suite:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0CE9DF-4E6A-4ABE-965F-7C34690ABED1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents."
    }
  ],
  "id": "CVE-2006-2613",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-05-26T01:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20244"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20255"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20256"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/960"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434696/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.mozilla.org/attachment.cgi?id=164547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=267645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26667"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-07-27 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter_edition:*:*:*:*:*",
              "matchCriteriaId": "89BBC0B1-7CEE-4FC3-8076-C46F7B8540A7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise_edition:*:*:*:*:*",
              "matchCriteriaId": "384EF27C-0939-4B80-81C2-B812528BE37A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:standard_edition:*:*:*:*:*",
              "matchCriteriaId": "B76D15D8-E8CC-42D6-8A6B-3C6F6F0CC117",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:web_edition:*:*:*:*:*",
              "matchCriteriaId": "A9C35E58-BAD6-4B86-82BE-D115DB437C63",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home_edition:*:*:*:*:*",
              "matchCriteriaId": "DAA1CEB1-810B-4B59-A837-BC27D0918F1C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_edition:*:*:*:*:*",
              "matchCriteriaId": "8885F708-482E-4BFB-BAAA-D4CF25043CED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE436EA-9F65-4B62-A11D-B102F5E5E9FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de argumento en  Netscape Navigator 9 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante un byte NULL (%00) y metacaracteres de consola de comandos en URIs (1) mailto, (2) nntp, (3) news, (4) snews, \u00f3 (5) telnet, asunto similar a CVE-2007-3670."
    }
  ],
  "id": "CVE-2007-4042",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-27T22:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/46832"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/46832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
Impacted products
Vendor Product Version
netscape communicator *
netscape navigator *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8BCED1-674C-4050-9230-D233EFD2FD20",
              "versionEndIncluding": "4.75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B287C2-FD02-4927-BC55-991FEDDD16BD",
              "versionEndIncluding": "4.75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field."
    }
  ],
  "id": "CVE-2000-1187",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-01-09T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/7207"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=97500270012529\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/7207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2000-109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5542"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
References
cve@mitre.orghttp://bugzilla.mozilla.org/show_bug.cgi?id=255067Vendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109698896104418&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200409-26.xml
cve@mitre.orghttp://www.kb.cert.org/vuls/id/847200Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.orghttp://www.securityfocus.com/bid/11171Vendor Advisory
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA04-261A.htmlUS Government Resource
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17381
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.mozilla.org/show_bug.cgi?id=255067Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109698896104418&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200409-26.xml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/847200Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11171Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA04-261A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E2A68B4-9101-4AC5-9E82-EEB5A5405541",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA6C390-9BA7-4355-8C0A-CD68FF6AC236",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C75B125-E5BB-49A0-B12D-6CF40D8A5DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70DDB53E-7A12-4A08-8999-DB68E6DF901E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6514EDE8-7C78-4C72-A313-E0915D89E4EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A0231A-B664-46C2-9602-B60EAD6AEC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*",
              "matchCriteriaId": "05853955-CA81-40D3-9A70-1227F3270D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
              "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows."
    }
  ],
  "id": "CVE-2004-0904",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/847200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11171"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=255067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109698896104418\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/847200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Impacted products
Vendor Product Version
netscape navigator 4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:navigator:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A6E0CF-A734-45B5-A390-D420C19590D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
    }
  ],
  "id": "CVE-2003-1560",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/348574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/348574"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
Impacted products
Vendor Product Version
mozilla firefox *
netscape navigator 7.0.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C632D06D-0172-46DA-A7F9-0BC484365BD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end."
    }
  ],
  "id": "CVE-2003-1492",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2003-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/319919"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/7456"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/319919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/7456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
Impacted products
Vendor Product Version
mozilla firefox 0.9.3
mozilla mozilla 1.7.2
netscape navigator 7.1
netscape navigator 7.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs."
    }
  ],
  "id": "CVE-2004-1753",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/12392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/373080"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/373232"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/373309"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/11059"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/12392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/373080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/373232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/373309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/11059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
References
secalert@redhat.comftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
secalert@redhat.comhttp://secunia.com/advisories/14938Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/14992Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/14996Patch, Vendor Advisory
secalert@redhat.comhttp://www.mikx.de/firesearching/Exploit
secalert@redhat.comhttp://www.mozilla.org/security/announce/mfsa2005-38.htmlVendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-384.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/13211Exploit, Patch
secalert@redhat.comhttp://www.securityfocus.com/bid/15495
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=290037Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/20125
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14938Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14992Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/14996Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mikx.de/firesearching/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/mfsa2005-38.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-383.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-384.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-386.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/13211Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=290037Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/20125
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "3D8CB42F-8F05-45A6-A408-50A11CC132DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "407F69BE-4026-4B26-AC31-11E7CC942760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6E8264B5-4D4B-453D-B599-E2AD533A0CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "2FEC6B13-3088-4ECB-9D81-6480F439601C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "20ECA520-780A-4EF8-8C80-B7564F4148B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "78A75EE3-DC19-4F21-86F4-834FCEAFEFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F610FFD5-DF37-4075-AE8B-8D89DF6205A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D093FD25-94C8-49B8-A452-438023BFB105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3346E7D0-D7EF-4182-BD86-837F14EEB9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C883B45F-D28D-428E-AAF7-F93522A229DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA659B9-2A00-45A6-A462-4E0A20FB7F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC06EBA-A836-4817-AEF6-EAC4BEDDF3CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka \"Firesearching 2.\""
    }
  ],
  "id": "CVE-2005-1157",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14938"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14992"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14996"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mikx.de/firesearching/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13211"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/14996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.mikx.de/firesearching/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9961"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
Impacted products
Vendor Product Version
mozilla mozilla 0.9.9
mozilla mozilla 1.0
netscape communicator 6.1
netscape navigator 6.0
netscape navigator 6.01



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F009302-6798-4189-BE56-FB8E67C64592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5421CDE-6C31-42FF-8A06-23A6207D1B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6469EB31-32FF-415C-82DD-670513911371",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI."
    }
  ],
  "id": "CVE-2002-0593",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-06-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/270249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8039"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/8976.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/270249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/8976.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4637"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
Impacted products
Vendor Product Version
microsoft internet_explorer 6.0.2900
mozilla mozilla *
netscape navigator *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B90EA4B-DA10-44B7-BD3D-6AE1197212D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E59CDD-9F95-4E38-95B3-AC5C35075378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server\u0027s parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain."
    }
  ],
  "id": "CVE-2002-0815",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102796732924658\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102798282208686\u0026w=2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
cve@mitre.orghttp://bugzilla.mozilla.org/show_bug.cgi?id=246448
cve@mitre.orghttp://marc.info/?l=bugtraq&m=109900315219363&w=2
cve@mitre.orghttp://secunia.com/advisories/11978Vendor Advisory
cve@mitre.orghttp://secunia.com/multiple_browsers_frame_injection_vulnerability_test/Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2005/dsa-777
cve@mitre.orghttp://www.debian.org/security/2005/dsa-810
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:082
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_36_mozilla.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2004-421.html
cve@mitre.orghttp://www.securityfocus.com/bid/15495
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/1598
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.mozilla.org/show_bug.cgi?id=246448
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=109900315219363&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/11978Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-777
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-810
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2004-421.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15495
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
Impacted products
Vendor Product Version
firebirdsql firebird 0.7
mozilla mozilla 1.6
netscape navigator 7.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
    },
    {
      "lang": "es",
      "value": "Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantaci\u00f3n de sitios web y otros ataques. Vulnerabilidad tambi\u00e9n conocida como \"de inyecci\u00f3n de marco\"."
    }
  ],
  "id": "CVE-2004-0718",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-07-27T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11978"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2005/dsa-777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2005/dsa-810"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-01-12 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
Impacted products
Vendor Product Version
netscape communicator 4.7
netscape navigator *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA2CA2F8-260C-4559-BF24-3E321CEAE93F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext."
    }
  ],
  "id": "CVE-2000-0087",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-01-12T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/4385.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=94790377622943\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/4385.php"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}