CVSS: 9.1EPSS: 24%CPEs: 29EXPL: 0CVE-2006-5747
https://notcve.org/view.php?id=CVE-2006-5747
08 Nov 2006 — Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. Vulnerabilidad sin especificar en el Mozilla Firefox anterior al 1.5.0.8, en el Thunderbird anterior al 1.5.0.8 y en el SeaMonkey anterior al 1.0.6 permite a atacantes remotos la ejecución de código de su elección mediante la función de JavaScript XML.prototype.hasOwnProperty • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 0CVE-2006-4571 – seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
https://notcve.org/view.php?id=CVE-2006-4571
15 Sep 2006 — Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. Múltiples vulnerabilidades no especificadas en FireFox anteriores a 1.5.0.7, Thunderbird anteriores 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto provocar dene... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 0CVE-2006-4570
https://notcve.org/view.php?id=CVE-2006-4570
15 Sep 2006 — Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. Mozilla thunderbird anteriores a 1.5.0.7 y SeaMonkey anterior a 1.0.5, con la "carga de imágenes" (Load Images) habilitada, permite a un atacante remoto con la complicidad del usuario evitar la configuración que deshabilita... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc •
CVSS: 7.5EPSS: 84%CPEs: 3EXPL: 0CVE-2006-4566
https://notcve.org/view.php?id=CVE-2006-4566
15 Sep 2006 — Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior 1.5.0.7, y SeaMonkey anterior 1.0.5 permite a atacantes remotos provocar denegación de servicio(crash) a través de expresiones regulares mal formadas JavaScr... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc •
CVSS: 7.4EPSS: 85%CPEs: 4EXPL: 0CVE-2006-4340
https://notcve.org/view.php?id=CVE-2006-4340
15 Sep 2006 — Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fi... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 1CVE-2006-4567
https://notcve.org/view.php?id=CVE-2006-4567
15 Sep 2006 — Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. Mozilla Firefox anterior a 1.5.0.7 y Thunderbird anteror a 1.5.0.7 hacen que fuera facil que los usuarios ace... • http://secunia.com/advisories/21906 •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2006-4565
https://notcve.org/view.php?id=CVE-2006-4565
15 Sep 2006 — Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." Desbordamiento de bufer en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior 1.5.0.7, y SeaMonkey anterior 1.0.5 permite a un atacante remoto provocar denegación de servicio (crash) y la posibilidad de ejecutar código de su el... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 32%CPEs: 21EXPL: 0CVE-2006-3812 – vulnerabilities: CVE-2006-{3113,3677,3801-3812}
https://notcve.org/view.php?id=CVE-2006-3812
29 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos referenciar archivos remotos y posiblemente cargar chrome: URLs engañando al usuario en acoplamientos de copiado o arrastrando enlaces. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 84%CPEs: 12EXPL: 0CVE-2006-3805
https://notcve.org/view.php?id=CVE-2006-3805
27 Jul 2006 — The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. El motor Javascript en Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 prodría permitir a atacantes remoto ejecutar código de su elección a través de vectores que afectan al colector de ... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 6%CPEs: 12EXPL: 0CVE-2006-3809
https://notcve.org/view.php?id=CVE-2006-3809
27 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite secuencias de comandos con el privilegio UniversalBrowserRead obtener privilegios UniversalXPConnect y posiblemente ejecutar código u obte... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •