Mozilla: >> Mozilla >> 1.7.5 Security Vulnerabilities
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
CVSS Score
2.6
EPSS Score
0.013
Published
2005-03-25
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
CVSS Score
6.5
EPSS Score
0.011
Published
2005-03-25
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
CVSS Score
7.5
EPSS Score
0.034
Published
2005-03-25
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
CVSS Score
2.6
EPSS Score
0.008
Published
2005-03-23
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
CVSS Score
2.6
EPSS Score
0.013
Published
2005-03-04
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
7.5
EPSS Score
0.086
Published
2005-02-08
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
CVSS Score
5.0
EPSS Score
0.048
Published
2004-12-29
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
CVSS Score
5.0
EPSS Score
0.139
Published
2004-10-20
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
CVSS Score
5.0
EPSS Score
0.135
Published
2004-10-20
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
CVSS Score
5.0
EPSS Score
0.158
Published
2004-08-18