← Back

Mozilla

mozilla

3,565 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Firefox
firefox
3,133 CVEs
Thunderbird
thunderbird
1,729 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
20 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
15 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE

CVEs (3,565)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2005-0144
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
CVE-2005-0142
1Mozilla
3Firefox
MozillaThunderbird
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belo...Show more
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.Show less
CVE-2005-0141
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
CVE-2005-0752
1Mozilla
1Firefox
Apr 16, 2026
Apr 18, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
CVE-2005-0592
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
Mar 25, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequen...Show more
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.Show less
CVE-2005-0587
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
Mar 25, 2005
N/A· v4
6.5 MEDIUM· v3
2.6 LOW· v2
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced i...Show more
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.Show less
CVE-2005-0585
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
Mar 25, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
CVE-2005-0143
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
Mar 23, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
CVE-2005-0593
1Mozilla
2Firefox
Mozilla
Apr 16, 2026
Mar 4, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP se...Show more
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.Show less
CVE-2005-0149
1Mozilla
2Mozilla
Thunderbird
Apr 16, 2026
Feb 15, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy...Show more
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.Show less
CVE-2005-0233
4Mozilla
OmnigroupOpera+1 more
6Camino
FirefoxMozilla+3 more
Apr 16, 2026
Feb 8, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certifi...Show more
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.Show less
CVE-2005-0231
1Mozilla
1Firefox
Apr 16, 2026
Feb 7, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
CVE-2004-0903
4Conectiva
MozillaRedhat+1 more
9Enterprise Linux
Enterprise Linux DesktopFedora Core+6 more
Apr 16, 2026
Jan 27, 2005
N/A· v4
N/A· v3
10.0 HIGH· v2
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code...Show more
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.Show less
CVE-2004-0902
4Conectiva
MozillaRedhat+1 more
9Enterprise Linux
Enterprise Linux DesktopFedora Core+6 more
Apr 16, 2026
Jan 27, 2005
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbi...Show more
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.Show less
CVE-2005-0145
1Mozilla
1Firefox
Apr 16, 2026
Jan 24, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feat...Show more
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.Show less
CVE-2004-1061
1Mozilla
1Bugzilla
Apr 16, 2026
Jan 4, 2005
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the acti...Show more
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.Show less
CVE-2004-2659
2Mozilla
Opera
2Mozilla
Opera Browser
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
4.0 MEDIUM· v2
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a d...Show more
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.Show less
CVE-2004-2657
1Mozilla
1Firefox
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
1.7 LOW· v2
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of...Show more
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.Show less
CVE-2004-2227
1Mozilla
1Firefox
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
CVE-2004-2226
1Mozilla
1Thunderbird
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document...Show more
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.Show less