CVSS: 9.8EPSS: 94%CPEs: 43EXPL: 0CVE-2006-2779
https://notcve.org/view.php?id=CVE-2006-2779
02 Jun 2006 — Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 80%CPEs: 26EXPL: 0CVE-2006-1726
https://notcve.org/view.php?id=CVE-2006-1726
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. • http://secunia.com/advisories/19631 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 56%CPEs: 27EXPL: 0CVE-2006-1529
https://notcve.org/view.php?id=CVE-2006-1529
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 22%CPEs: 27EXPL: 0CVE-2006-0748 – Mozilla Firefox Table Rebuilding Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0748
14 Apr 2006 — Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 32%CPEs: 27EXPL: 0CVE-2006-1723
https://notcve.org/view.php?id=CVE-2006-1723
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 6.5EPSS: 7%CPEs: 24EXPL: 2CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
31 Dec 2005 — Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 •
CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0CVE-2005-4685
https://notcve.org/view.php?id=CVE-2005-4685
31 Dec 2005 — Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html •
CVSS: 6.5EPSS: 3%CPEs: 8EXPL: 0CVE-2004-2225
https://notcve.org/view.php?id=CVE-2004-2225
31 Dec 2004 — Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. • http://secunia.com/advisories/12708 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 1CVE-2004-1200
https://notcve.org/view.php?id=CVE-2004-1200
15 Dec 2004 — Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html •