Search Results (1755 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1742 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
CVE-2004-0907 1 Mozilla 2 Mozilla, Thunderbird 2026-04-16 N/A
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
CVE-2006-1735 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVE-2005-2602 1 Mozilla 2 Firefox, Thunderbird 2026-04-16 N/A
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
CVE-2006-1734 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
CVE-2004-0648 1 Mozilla 3 Firefox, Mozilla, Thunderbird 2026-04-16 N/A
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
CVE-2006-1733 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
CVE-2005-2353 1 Mozilla 1 Thunderbird 2026-04-16 N/A
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0762 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2026-04-16 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
CVE-2006-1732 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
CVE-2006-1731 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2004-0906 2 Mozilla, Redhat 3 Mozilla, Thunderbird, Enterprise Linux 2026-04-16 N/A
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
CVE-2005-2261 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2026-04-16 N/A
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
CVE-2006-1730 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
CVE-2005-0590 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2026-04-16 N/A
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
CVE-2006-1728 3 Canonical, Mozilla, Redhat 6 Ubuntu Linux, Firefox, Mozilla Suite and 3 more 2026-04-16 N/A
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
CVE-2006-1727 3 Canonical, Mozilla, Redhat 6 Ubuntu Linux, Firefox, Mozilla Suite and 3 more 2026-04-16 N/A
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
CVE-2005-0399 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2026-04-16 N/A
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
CVE-2004-0904 4 Conectiva, Mozilla, Netscape and 1 more 10 Linux, Firefox, Mozilla and 7 more 2026-04-16 N/A
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
CVE-2006-1726 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.