CVSS: 9.3EPSS: 97%CPEs: 43EXPL: 0CVE-2006-2779
https://notcve.org/view.php?id=CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20376 http://secunia.com/advisories/20382 http://secunia.com/advisories/20561 http://secunia.com/advisories/20709 http://secunia.com/advisories/21134 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21188 http://secunia.com/advisories/21210 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2004-2226
https://notcve.org/view.php?id=CVE-2004-2226
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0070.html http://secunia.com/advisories/13086 http://www.osvdb.org/11394 https://exchange.xforce.ibmcloud.com/vulnerabilities/17949 •