GCVE - cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:*

part: a version: 1.7.12 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Mozilla (`5488dee4-fdb9-5fdb-bb63-5465af3d7de9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github//mozilla/gecko-dev`	purl2cpe	2026-06-01 10:17:52.541133
`pkg:mozilla/mozilla-release`	purl2cpe	2026-06-01 10:17:52.541134

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-3144`	vulnerable	2026-06-03 14:28:15.240534	Details available Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Published: 2007-06-11T18:00:00.000Z Updated: 2024-08-07T14:05:28.585Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/24352 http://osvdb.org/43466 https://exchange.xforce.ibmcloud.com/vulnerabilities/34983 http://testing.bitsploit.de/test.html http://www.0x000000.com/?i=334	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0496`	vulnerable	2026-06-03 14:27:21.340536	Details available Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. Published: 2006-02-01T02:00:00.000Z Updated: 2024-08-07T16:34:14.832Z Open on db.gcve.eu Reference links http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html https://bugzilla.mozilla.org/show_bug.cgi?id=324253 http://securitytracker.com/id?1015563 https://exchange.xforce.ibmcloud.com/vulnerabilities/24427 http://www.vupen.com/english/advisories/2006/0403	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4685`	vulnerable	2026-06-03 14:27:13.998397	Details available Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. Published: 2006-02-01T02:00:00.000Z Updated: 2024-08-07T23:53:28.695Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15331 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html https://exchange.xforce.ibmcloud.com/vulnerabilities/25291	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.