CVE-2007-1794
https://notcve.org/view.php?id=CVE-2007-1794
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. El motor de Javascript en Mozilla 1.7 y anteriores en Sun Solaris 8, 9, y 10 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores que afectan al colector de basura que provoca el borrado de un objeto temporal que todavía se está utilizando. NOTA: este asunto podría estar relacionado con CVE-2006-3805. • http://secunia.com/advisories/24624 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1 http://www.vupen.com/english/advisories/2007/1178 •
CVE-2006-6498
https://notcve.org/view.php?id=CVE-2006-6498
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. Múltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 y Mozilla 1.7 y puede que versiones anteriores en Solaris; permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) y posiblemente ejecutar código de su elección mediante vectores desconocidos, teniendo impacto desconocido. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& •
CVE-2006-2894 – Mozilla Firefox 1.x - JavaScript Key Filtering
https://notcve.org/view.php?id=CVE-2006-2894
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. • https://www.exploit-db.com/exploits/27987 https://www.exploit-db.com/exploits/27986 http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.coredump.cx/focusbug http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html http://lists.virus.org/full-disclosure-0702/msg00225.html http://secunia.com/advisories • CWE-20: Improper Input Validation •
CVE-2006-2613
https://notcve.org/view.php?id=CVE-2006-2613
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. • http://secunia.com/advisories/20244 http://secunia.com/advisories/20255 http://secunia.com/advisories/20256 http://secunia.com/advisories/21532 http://securityreason.com/securityalert/960 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.securityfocus.com/archive/1/434696/100/0/threaded https://bugzilla.mozilla.org/attachment.cgi?id=164547 https://bugzilla.mozilla.org/show_bug.cgi?id=267645 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-1737
https://notcve.org/view.php?id=CVE-2006-1737
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http: • CWE-189: Numeric Errors •