CVSS: 9.8EPSS: 81%CPEs: 12EXPL: 0CVE-2006-3113
https://notcve.org/view.php?id=CVE-2006-3113
27 Jul 2006 — Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código de su ele... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 6.8EPSS: 61%CPEs: 12EXPL: 0CVE-2006-3810
https://notcve.org/view.php?id=CVE-2006-3810
27 Jul 2006 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del construc... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 5%CPEs: 9EXPL: 0CVE-2006-3808
https://notcve.org/view.php?id=CVE-2006-3808
27 Jul 2006 — Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object. Mozilla Firefox anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a servidores remotos Proxy AutoConfig (PAC) ejecutar código con privilegios elevados a través de secuencias de comandos PAC que asignan la función FindProxyForURL a un método eval sobre un objeto pr... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 6.1EPSS: 4%CPEs: 12EXPL: 0CVE-2006-3802
https://notcve.org/view.php?id=CVE-2006-3802
27 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos secuestrar metodos DOM nativos desde objetos en otros dominios y conducir ataques de secuencias de comandos en sitios cruzados ... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 84%CPEs: 12EXPL: 0CVE-2006-3811
https://notcve.org/view.php?id=CVE-2006-3811
27 Jul 2006 — Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed n... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 43%CPEs: 9EXPL: 0CVE-2006-3801
https://notcve.org/view.php?id=CVE-2006-3801
27 Jul 2006 — Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. Mozilla Firefox 1.5 anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 no limpia de forma adecuada una referencia JavaScript a un frame o window, lo caul deja un punterio a un objeto borrado que permite a atacantes remotos ejecutar código nativo de su elección. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 94%CPEs: 12EXPL: 0CVE-2006-3803
https://notcve.org/view.php?id=CVE-2006-3803
27 Jul 2006 — Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. Condición de carrera en el colector de basura JavaSCript en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 podría perm... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 88%CPEs: 12EXPL: 0CVE-2006-3807
https://notcve.org/view.php?id=CVE-2006-3807
27 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección a través de la secuencia de comandos que cambian ... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 96%CPEs: 12EXPL: 0CVE-2006-3806
https://notcve.org/view.php?id=CVE-2006-3806
27 Jul 2006 — Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." Múltiples desbordamientos de búfer de enteros en el motor JavaScript en Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 96%CPEs: 9EXPL: 3CVE-2006-3677 – Mozilla Firefox Javascript navigator Object Vulnerability
https://notcve.org/view.php?id=CVE-2006-3677
26 Jul 2006 — Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. Mozilla Firefox 1.5 anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección cambiando ciertas propiedades del objeto de la ventana de navegación (window.navigator) que es accedid... • https://www.exploit-db.com/exploits/2082 • CWE-16: Configuration •