← Back

Mozilla

mozilla

3,565 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Firefox
firefox
3,133 CVEs
Thunderbird
thunderbird
1,729 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
20 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
15 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE

CVEs (3,565)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2005-0989
2Mozilla
Netscape
3Firefox
MozillaNavigator
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambd...Show more
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.Show less
CVE-2005-0591
1Mozilla
1Firefox
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing....Show more
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."Show less
CVE-2005-0590
1Mozilla
3Firefox
MozillaThunderbird
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation...Show more
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.Show less
CVE-2005-0589
1Mozilla
1Firefox
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
CVE-2005-0588
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local sy...Show more
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.Show less
CVE-2005-0586
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangero...Show more
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.Show less
CVE-2005-0584
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
CVE-2005-0578
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp dir...Show more
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.Show less
CVE-2005-0527
1Mozilla
1Firefox
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
CVE-2005-0402
1Mozilla
1Firefox
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
CVE-2005-0401
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.1 MEDIUM· v2
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a...Show more
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."Show less
CVE-2005-0399
1Mozilla
3Firefox
MozillaThunderbird
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitra...Show more
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.Show less
CVE-2005-0255
1Mozilla
3Firefox
MozillaThunderbird
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string,...Show more
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.Show less
CVE-2005-0238
4Gnome
MozillaOmnigroup+1 more
5Camino
EpiphanyMozilla+2 more
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph charact...Show more
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.Show less
CVE-2005-0232
1Mozilla
1Firefox
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user...Show more
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."Show less
CVE-2005-0230
1Mozilla
1Firefox
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the...Show more
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."Show less
CVE-2005-0215
1Mozilla
1Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
CVE-2005-0148
1Mozilla
1Thunderbird
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version o...Show more
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.Show less
CVE-2005-0147
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
CVE-2005-0146
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste opera...Show more
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.Show less