- CVEs with nessus.description==Several security-related problems have been discovered in Mozilla and derived programs. The Common Vulnerabilities and Exposures project identifies the following problems :
- CAN-2005-2871
Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes.
- CAN-2005-2701
A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
- CAN-2005-2702
Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed.
- CAN-2005-2703
Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies.
- CAN-2005-2704
Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface.
- CAN-2005-2705
Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code.
- CAN-2005-2706
Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla.
- CAN-2005-2707
Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks.
- CAN-2005-2968
Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |