CVSS: 9.8EPSS: 81%CPEs: 12EXPL: 0CVE-2006-3113
https://notcve.org/view.php?id=CVE-2006-3113
27 Jul 2006 — Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su ele... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 6.8EPSS: 61%CPEs: 12EXPL: 0CVE-2006-3810
https://notcve.org/view.php?id=CVE-2006-3810
27 Jul 2006 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del construc... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 6.1EPSS: 4%CPEs: 12EXPL: 0CVE-2006-3802
https://notcve.org/view.php?id=CVE-2006-3802
27 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos secuestrar metodos DOM nativos desde objetos en otros dominios y conducir ataques de secuencias de comandos en sitios cruzados ... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 84%CPEs: 12EXPL: 0CVE-2006-3811
https://notcve.org/view.php?id=CVE-2006-3811
27 Jul 2006 — Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed n... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 94%CPEs: 12EXPL: 0CVE-2006-3803
https://notcve.org/view.php?id=CVE-2006-3803
27 Jul 2006 — Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. Condición de carrera en el colector de basura JavaSCript en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 podría perm... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 7.5EPSS: 15%CPEs: 7EXPL: 0CVE-2006-3804
https://notcve.org/view.php?id=CVE-2006-3804
27 Jul 2006 — Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. Desbordamiento de búfer basado en pila en Mozilla Thunderbird anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos provocar denegación de servicio (caida) a través de una adjunto Vcard con un campo base64 mal formado... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 88%CPEs: 12EXPL: 0CVE-2006-3807
https://notcve.org/view.php?id=CVE-2006-3807
27 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección a través de la secuencia de comandos que cambian ... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 96%CPEs: 12EXPL: 0CVE-2006-3806
https://notcve.org/view.php?id=CVE-2006-3806
27 Jul 2006 — Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." Múltiples desbordamientos de búfer de enteros en el motor JavaScript en Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 59%CPEs: 24EXPL: 0CVE-2006-2787
https://notcve.org/view.php?id=CVE-2006-2787
02 Jun 2006 — EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •
CVSS: 6.1EPSS: 16%CPEs: 2EXPL: 0CVE-2006-2786
https://notcve.org/view.php?id=CVE-2006-2786
02 Jun 2006 — HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •