| Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2005-0593 | 2.6 |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which caus
|
11-10-2017 - 01:29 | 04-03-2005 - 05:00 | |
| CVE-2004-1156 | 4.3 |
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up windo
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
| CVE-2005-0149 | 5.0 |
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail me
|
11-10-2017 - 01:29 | 15-02-2005 - 05:00 | |
| CVE-2005-0591 | 2.6 |
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
| CVE-2005-0590 | 5.0 |
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequen
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
| CVE-2005-0150 | 5.0 |
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attacker
|
11-10-2017 - 01:29 | 26-05-2005 - 04:00 | |
| CVE-2005-0255 | 5.0 |
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
| CVE-2005-0592 | 7.5 |
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string t
|
11-10-2017 - 01:29 | 25-03-2005 - 05:00 | |
| CVE-2005-0148 | 5.0 |
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is in
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
| CVE-2005-0147 | 7.5 |
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
| CVE-2009-1889 | 5.0 |
The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that trigge
|
29-09-2017 - 01:34 | 01-07-2009 - 13:00 |