Search CVE reports
121 – 127 of 127 results
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into...
5 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser, mozilla
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| firefox-granparadiso | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| midbrowser | — | — | — | — |
| mozilla | — | — | — | — |
Some fixes available 7 of 8
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code...
6 affected packages
firefox, firefox-3.0, lightning-sunbird, midbrowser, mozilla, mozilla-thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| firefox-3.0 | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| midbrowser | — | — | — | — |
| mozilla | — | — | — | — |
| mozilla-thunderbird | — | — | — | — |
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to...
5 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser, mozilla
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| firefox-granparadiso | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| midbrowser | — | — | — | — |
| mozilla | — | — | — | — |
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
4 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| firefox-granparadiso | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| midbrowser | — | — | — | — |
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
5 affected packages
midbrowser, firefox, firefox-granparadiso, lightning-sunbird, mozilla
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| midbrowser | — | — | — | — |
| firefox | — | — | — | — |
| firefox-granparadiso | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| mozilla | — | — | — | — |
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated...
5 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser, mozilla
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| firefox-granparadiso | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| midbrowser | — | — | — | — |
| mozilla | — | — | — | — |
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site...
4 affected packages
firefox, firefox-granparadiso, lightning-sunbird, midbrowser
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| firefox-granparadiso | — | — | — | — |
| lightning-sunbird | — | — | — | — |
| midbrowser | — | — | — | — |