The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Mozilla Suite

HTTPS: information disclosure via a proxy
When an attacker can setup a proxy between the user and an HTTPS web server, he can obtain sensitive information...
BID-35411, BID-35412, CVE-2009-1836, CVE-2009-2057, CVE-2009-2059, CVE-2009-2061, CVE-2009-2063, CVE-2009-2064, CVE-2009-2065, CVE-2009-2067, CVE-2009-2069, CVE-2009-2070, SUSE-SR:2009:015, VIGILANCE-VUL-8806
Firefox: new homographs
Several homographs characters are not recognized by Firefox...
VIGILANCE-VUL-8497
HTTPS: man-in-the-middle in the middle attack by using http, SSLstrip
An attacker located as a man-in-the-middle can deceive the victim to connect to an http site instead of an https (HTTP over SSL) site...
BID-33837, CVE-2009-0652, RHSA-2009:0436-02, RHSA-2009:0437-02, SUSE-SR:2009:010, VIGILANCE-VUL-8479
SSL: creating a fake certification authority
An attacker, with important resources, can create a fake intermediary certification authority using a MD5 hash...
17341, BID-33065, BSA-2016-004, c05336888, CSCsw88068, CSCsw90626, CVE-2004-2761, DSA-2019-197, FEDORA-2009-1276, FEDORA-2009-1291, HPSBHF03673, RHSA-2010:0837-01, RHSA-2010:0838-01, VIGILANCE-VUL-8401, VU#836068
Firefox, Netscape: spoofing via subjectAltName dNSName
An attacker can create a SSL certificate using the subjectAltName:dNSName extension, whose warning dialog will not be displayed...
BID-26501, CVE-2007-6590-REJECT, CVE-2007-6591, CVE-2007-6592, CVE-2008-2809, VIGILANCE-VUL-7351
Firefox: Cross Site Scripting via jar
An attacker can upload a jar archive on a public site in order to create a Cross Site Scripting on this site...
369814, BID-26385, CVE-2007-5947, VIGILANCE-VUL-7326, VU#715737
Firefox, Thunderbird: command execution via mailto, nntp, news and snews
An attacker can use mailto, nntp, news and snews uris to execute commands under Windows...
BID-25543, CVE-2007-4841, VIGILANCE-VUL-7154
Firefox, Netscape: command execution via mailto, nntp, news and snews
An attacker can use mailto, nntp, news and snews uris to inject commands under Windows...
389580, BID-25053, c00771742, CERTA-2002-AVI-136, CVE-2007-4041, CVE-2007-4042, DSA-1344-1, DSA-1345-1, DSA-1346-1, HPSBUX02153, MDKSA-2007:152, SSA:2007-213-01, SSA:2007-222-04, SSRT061181, VIGILANCE-VUL-7037, VU#403150, VU#783400
IE, Firefox: protocol handlers vulnerabilities
Several vulnerabilities were announced in protocol handlers available from web browsers...
BID-25021, CVE-2007-3832, CVE-2007-4038, CVE-2007-4039, CVE-2007-4040, VIGILANCE-VUL-7009, VU#786920
Firefox: accessing and altering cached data
Cached data can be reached via a redirection to a wyciwyg uri...
387333, BID-24831, CVE-2007-3656, VIGILANCE-VUL-6975
Our database contains other pages. You can request a free trial to read them.