Mozilla Mozilla Browser 1.8 Alpha2

CPE Details

Mozilla Mozilla Browser 1.8 Alpha2
mozilla
mozilla
1.8
2007-08-23
19h16 +00:00
2008-04-07
12h31 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*

Informations

Vendor

mozilla

Product

mozilla

Version

1.8

Update

alpha2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2007-4039 2007-07-27 22h00 +00:00 Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
4.3
CVE-2005-4685 2006-02-01 01h00 +00:00 Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
6.4
CVE-2005-3896 2005-11-29 20h00 +00:00 Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
7.8
CVE-2004-1613 2005-02-20 04h00 +00:00 Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
5
CVE-2004-1614 2005-02-20 04h00 +00:00 Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
5
CVE-2004-1380 2005-01-29 04h00 +00:00 Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
5
CVE-2004-1381 2005-01-29 04h00 +00:00 Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
5
CVE-2005-0143 2005-01-29 04h00 +00:00 Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
2.6
CVE-2004-1316 2004-12-31 04h00 +00:00 Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
5
CVE-2004-0758 2004-08-03 02h00 +00:00 Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
5
CVE-2004-0759 2004-08-03 02h00 +00:00 Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag.
6.4
CVE-2004-0760 2004-08-03 02h00 +00:00 Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
6.4
CVE-2004-0478 2004-05-20 02h00 +00:00 Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
2.6
CVE-2002-0815 2002-08-01 02h00 +00:00 The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
7.5