CVSS: 4.3EPSS: 20%CPEs: 30EXPL: 0CVE-2006-1731
https://notcve.org/view.php?id=CVE-2006-1731
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 97%CPEs: 30EXPL: 1CVE-2006-1734
https://notcve.org/view.php?id=CVE-2006-1734
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x •
CVSS: 9.3EPSS: 22%CPEs: 27EXPL: 0CVE-2006-0748 – Mozilla Firefox Table Rebuilding Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0748
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail. The specific flaw exists within the routine RebuildConsideringRows() during the rebuilding of nonsensical table tags. When the Mozilla engine attempts to fix the malformed table, an attacker is capable of triggering a memory corruption that can lead to code execution from user-supplied data. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://secunia.com/advisories/19759 http://secunia.com/advisories/19794 http://secunia.com/advisories/19811 http://secunia.com/advisories/19821 http://secunia.com/advisories/19823 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http:& • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 7%CPEs: 23EXPL: 0CVE-2006-1732
https://notcve.org/view.php?id=CVE-2006-1732
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x •
CVSS: 5.0EPSS: 96%CPEs: 21EXPL: 0CVE-2006-0296
https://notcve.org/view.php?id=CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://secunia.com/advisories/18700 http://secunia.com/advisories/18703 http://secunia.com/advisories/18704 http://secunia.com/advisories/18705 http://secunia.com/advisories/18706 http://secunia.com/advisories/18708 http://secunia.com/advisories/18709 http://secunia.com/advisories/19230 http://secunia.com/advisories/19746 http:/&#x •