CVSS: 9.8EPSS: 9%CPEs: 26EXPL: 0CVE-2006-1726
https://notcve.org/view.php?id=CVE-2006-1726
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. • http://secunia.com/advisories/19631 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 10%CPEs: 24EXPL: 2CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
31 Dec 2005 — Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 •
CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0CVE-2005-4685
https://notcve.org/view.php?id=CVE-2005-4685
31 Dec 2005 — Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2004-2225
https://notcve.org/view.php?id=CVE-2004-2225
31 Dec 2004 — Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. • http://secunia.com/advisories/12708 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 1CVE-2004-1200
https://notcve.org/view.php?id=CVE-2004-1200
15 Dec 2004 — Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html •