
CVE-2006-0884 – Mozilla (Multiple Products) - iFrame JavaScript Execution
https://notcve.org/view.php?id=CVE-2006-0884
24 Feb 2006 — The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. • https://www.exploit-db.com/exploits/27257 • CWE-20: Improper Input Validation

CVE-2006-0836 – Mozilla Thunderbird 1.5 - Address Book Import Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-0836
22 Feb 2006 — Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. • https://www.exploit-db.com/exploits/27246

CVE-2006-0299
https://notcve.org/view.php?id=CVE-2006-0299
02 Feb 2006 — The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. • http://secunia.com/advisories/18700

CVE-2006-0297
https://notcve.org/view.php?id=CVE-2006-0297
02 Feb 2006 — Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700

CVE-2006-0295 – Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution
https://notcve.org/view.php?id=CVE-2006-0295
02 Feb 2006 — Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. • https://www.exploit-db.com/exploits/1474

CVE-2006-0294
https://notcve.org/view.php?id=CVE-2006-0294
02 Feb 2006 — Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700

CVE-2006-0236
https://notcve.org/view.php?id=CVE-2006-0236
18 Jan 2006 — GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. • http://secunia.com/advisories/15907 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
31 Dec 2005 — Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221

CVE-2005-3402
https://notcve.org/view.php?id=CVE-2005-3402
01 Nov 2005 — The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. • http://marc.info/?l=bugtraq&m=113028017608146&w=2

CVE-2005-2602
https://notcve.org/view.php?id=CVE-2005-2602
17 Aug 2005 — Mozilla Thunderbird 1.0 and Firefox 1.0.6 allow remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. • http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1682