Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla mozilla 1.3 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-11727
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag...
Mozilla Firefox
4.7
CVSSv3
CVE-2020-12401
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
4.7
CVSSv3
CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Mozilla Firefox
4.4
CVSSv3
CVE-2020-12402
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the rec...
Mozilla Firefox
Opensuse Leap 15.1
Fedoraproject Fedora 32
Opensuse Leap 15.2
Debian Debian Linux 9.0
NA
CVE-2012-2713
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users for requests that login a user to another web site.
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
NA
CVE-2011-4136
django.contrib.sessions in Django prior to 1.2.7 and 1.3.x prior to 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote malicious users to modify a session by triggering use of a key ...
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.1.3
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
NA
CVE-2011-4137
The verify_exists functionality in the URLField implementation in Django prior to 1.2.7 and 1.3.x prior to 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote malicious users to cause a denial of service (resource consumpt...
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.1.3
NA
CVE-2011-4138
The verify_exists functionality in the URLField implementation in Django prior to 1.2.7 and 1.3.x prior to 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote m...
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.1.3
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
NA
CVE-2011-4139
Django prior to 1.2.7 and 1.3.x prior to 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote malicious users to conduct cache poisoning attacks via a crafted request.
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.1.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
NA
CVE-2011-4140
The CSRF protection mechanism in Django up to and including 1.2.7 and 1.3.x up to and including 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote malicious users to trigger unauthenticated forged requests via vect...
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.1.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »