CVSS: 9.8EPSS: 13%CPEs: 29EXPL: 0CVE-2006-5748 – seamonkey < 1.0.6 multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5748
08 Nov 2006 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades sin especificar en el motor de JavaScript en el Mozilla Firefox anterior al 1.5.0.8, en el Thunderbird anterior al 1.5.0.8 y en el SeaMonkey anterior al 1.0.6 permiten a atacantes r... • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P •
CVSS: 7.5EPSS: 36%CPEs: 27EXPL: 0CVE-2006-5464
https://notcve.org/view.php?id=CVE-2006-5464
08 Nov 2006 — Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. Múltiples vulnerabilidades sin especificar en el diseño del motor del Mozilla Firefox en versiones anteriores a la 1.5.0.8, del Thunderbird en versiones anteriores a la 1.5.0.8 y del SeaMonkey en versiones anteriores a la 1.0.6, permite a atacantes remotos provocar una denegació... • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P •
CVSS: 7.5EPSS: 83%CPEs: 28EXPL: 0CVE-2006-5462
https://notcve.org/view.php?id=CVE-2006-5462
08 Nov 2006 — Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. La biblioteca Mozilla Network Security Service (NSS) e... • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P •
CVSS: 9.1EPSS: 24%CPEs: 29EXPL: 0CVE-2006-5747
https://notcve.org/view.php?id=CVE-2006-5747
08 Nov 2006 — Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. Vulnerabilidad sin especificar en el Mozilla Firefox anterior al 1.5.0.8, en el Thunderbird anterior al 1.5.0.8 y en el SeaMonkey anterior al 1.0.6 permite a atacantes remotos la ejecución de código de su elección mediante la función de JavaScript XML.prototype.hasOwnProperty • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5783
https://notcve.org/view.php?id=CVE-2006-5783
07 Nov 2006 — Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute ** IMPUGNADO ** Firefox 1.5.0.7 en Kubuntu Linux permite a atacantes remotos provocar una denegación de servicio (caída) mediante una URL larga e... • http://www.securityfocus.com/archive/1/450398/100/0/threaded •
CVSS: 7.5EPSS: 40%CPEs: 3EXPL: 6CVE-2006-5633 – Mozilla Firefox 1.5.0.7/2.0 - 'createRange' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-5633
31 Oct 2006 — Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference. Firefox 1.5.0.7 y 2.0, y Seamonkey 1.1b, permite a atacantes remotos p... • https://www.exploit-db.com/exploits/2695 •
CVSS: 8.1EPSS: 0%CPEs: 30EXPL: 0CVE-2006-5160
https://notcve.org/view.php?id=CVE-2006-5160
03 Oct 2006 — Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especifica... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 8.8EPSS: 46%CPEs: 30EXPL: 0CVE-2006-5159
https://notcve.org/view.php?id=CVE-2006-5159
03 Oct 2006 — Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succee... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4569
https://notcve.org/view.php?id=CVE-2006-4569
15 Sep 2006 — The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. El bloqueador de ventanas emergentes de Mozilla Firefox anterior a 1.5.0.7 abre las "vetanas emergentes bloqueadas" mostrando el contexto de la barra de localización en vez del subframe en el cual el popup se originó, que pu... • http://secunia.com/advisories/21949 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4568
https://notcve.org/view.php?id=CVE-2006-4568
15 Sep 2006 — Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. Mozilla FireFox anterior a 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto evitar el modelo de seguridad e inyectar contenidos dentro de una sub-estructura de otro sitio a través de targetWindow.frames[n].document.open(), el cual facilita ... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •