CVE-2006-3807
https://notcve.org/view.php?id=CVE-2006-3807
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección a través de la secuencia de comandos que cambian el constructor Object() estandar para retornar a la referencia a un objeto privilegiado y la llamada a las "funciones JavaScript" que usa el constructor. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories •
CVE-2006-3677 – Mozilla Firefox Javascript navigator Object Vulnerability
https://notcve.org/view.php?id=CVE-2006-3677
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. Mozilla Firefox 1.5 anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección cambiando ciertas propiedades del objeto de la ventana de navegación (window.navigator) que es accedido cuando comienza Java, lo cual provoca un caida que desemboca en una ejecución de código. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists when assigning specific values to the window.navigator object. A lack of checking on assignment causes user supplied data to be later used in the creation of other objects leading to eventual code execution. • https://www.exploit-db.com/exploits/2082 https://www.exploit-db.com/exploits/9946 https://www.exploit-db.com/exploits/16300 ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21262 http:/ • CWE-16: Configuration •
CVE-2006-2894 – Mozilla Firefox 1.x - JavaScript Key Filtering
https://notcve.org/view.php?id=CVE-2006-2894
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. • https://www.exploit-db.com/exploits/27987 https://www.exploit-db.com/exploits/27986 http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.coredump.cx/focusbug http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html http://lists.virus.org/full-disclosure-0702/msg00225.html http://secunia.com/advisories • CWE-20: Improper Input Validation •
CVE-2006-2781 – (seamonkey): DOS/arbitrary code execution vuln with vcards
https://notcve.org/view.php?id=CVE-2006-2781
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20382 http://secunia.com/advisories/20394 http://secunia.com/advisories/20709 http://secunia.com/advisories/21134 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21210 http://secunia.com/advisories/21269 http://secunia.com/advisories/21324 http://secunia.com/advisories/21336 http://secunia.com/advisories/21607 http://secunia.com/advisories • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-2782
https://notcve.org/view.php?id=CVE-2006-2782
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20376 http://secunia.com/advisories/20561 http://secunia.com/advisories/21134 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21188 http://secunia.com/advisories/21269 http://secunia.com/advisories/21270 http://secunia.com/advisories/21324 http://secunia.com/advisories/21336 http://secunia.com/advisories • CWE-20: Improper Input Validation •