CVSS: 6.5EPSS: 2%CPEs: 30EXPL: 0CVE-2006-1740
https://notcve.org/view.php?id=CVE-2006-1740
14 Apr 2006 — Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 14%CPEs: 30EXPL: 0CVE-2006-1742
https://notcve.org/view.php?id=CVE-2006-1742
14 Apr 2006 — The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 6.1EPSS: 12%CPEs: 24EXPL: 2CVE-2006-0496 – Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting
https://notcve.org/view.php?id=CVE-2006-0496
01 Feb 2006 — Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. Vulnerabilidad de XSS en Mozilla 1.7.12 y posiblemente versiones a... • https://www.exploit-db.com/exploits/27150 •
CVSS: 6.5EPSS: 10%CPEs: 24EXPL: 2CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
31 Dec 2005 — Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 •
CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0CVE-2005-4685
https://notcve.org/view.php?id=CVE-2005-4685
31 Dec 2005 — Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html •
CVSS: 9.8EPSS: 8%CPEs: 12EXPL: 0CVE-2005-2701
https://notcve.org/view.php?id=CVE-2005-2701
23 Sep 2005 — Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.8EPSS: 7%CPEs: 12EXPL: 0CVE-2005-2702
https://notcve.org/view.php?id=CVE-2005-2702
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0CVE-2005-2703
https://notcve.org/view.php?id=CVE-2005-2703
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2005-2704
https://notcve.org/view.php?id=CVE-2005-2704
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.8EPSS: 7%CPEs: 12EXPL: 0CVE-2005-2705
https://notcve.org/view.php?id=CVE-2005-2705
23 Sep 2005 — Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •