CVSS: 9.8EPSS: 53%CPEs: 7EXPL: 0CVE-2006-1724
https://notcve.org/view.php?id=CVE-2006-1724
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 72%CPEs: 9EXPL: 0CVE-2006-1728
https://notcve.org/view.php?id=CVE-2006-1728
14 Apr 2006 — Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 6.1EPSS: 20%CPEs: 30EXPL: 0CVE-2006-1731
https://notcve.org/view.php?id=CVE-2006-1731
14 Apr 2006 — Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 2CVE-2006-1045 – Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1045
07 Mar 2006 — The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. • https://www.exploit-db.com/exploits/27337 •
CVSS: 9.3EPSS: 92%CPEs: 18EXPL: 3CVE-2006-0884 – Mozilla (Multiple Products) - iFrame JavaScript Execution
https://notcve.org/view.php?id=CVE-2006-0884
24 Feb 2006 — The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. • https://www.exploit-db.com/exploits/27257 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 3CVE-2006-0836 – Mozilla Thunderbird 1.5 - Address Book Import Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0836
22 Feb 2006 — Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. • https://www.exploit-db.com/exploits/27246 •
CVSS: 9.8EPSS: 16%CPEs: 5EXPL: 0CVE-2006-0299
https://notcve.org/view.php?id=CVE-2006-0299
02 Feb 2006 — The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. • http://secunia.com/advisories/18700 •
CVSS: 8.8EPSS: 90%CPEs: 5EXPL: 0CVE-2006-0297
https://notcve.org/view.php?id=CVE-2006-0297
02 Feb 2006 — Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700 •
CVSS: 9.8EPSS: 96%CPEs: 4EXPL: 3CVE-2006-0295 – Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution
https://notcve.org/view.php?id=CVE-2006-0295
02 Feb 2006 — Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. • https://www.exploit-db.com/exploits/1474 •
CVSS: 9.8EPSS: 81%CPEs: 22EXPL: 0CVE-2006-0294
https://notcve.org/view.php?id=CVE-2006-0294
02 Feb 2006 — Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 •