- EPSS 1.79%
- Veröffentlicht 23.09.2005 19:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:31
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
CVE-2005-2968
- EPSS 10.72%
- Veröffentlicht 20.09.2005 22:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:59
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
CVE-2005-2871
- EPSS 21.11%
- Veröffentlicht 09.09.2005 18:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:49
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with al...
CVE-2005-2602
- EPSS 1.71%
- Veröffentlicht 17.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:15:16
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
- EPSS 1.26%
- Veröffentlicht 03.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:52
Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.
- EPSS 2.38%
- Veröffentlicht 27.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:48
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
CVE-2005-2260
- EPSS 3.26%
- Veröffentlicht 13.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:33
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dan...
CVE-2005-2261
- EPSS 3.59%
- Veröffentlicht 13.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:33
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
CVE-2005-2262
- EPSS 6.55%
- Veröffentlicht 13.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:34
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a java...
- EPSS 3.1%
- Veröffentlicht 13.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:34
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which ca...