
CVSS: 6.1 • EPSS: 40% • CPEs: 1 • EXPL: 0

02 Jun 2006 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a JavaScript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a JavaScript URL. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •

CVSS: 7.5 • EPSS: 94% • CPEs: 2 • EXPL: 0

02 Jun 2006 — Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-20: Improper Input Validation •

CVSS: 9.8 • EPSS: 54% • CPEs: 25 • EXPL: 0

02 Jun 2006 — Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. • http://secunia.com/advisories/20376 •

CVSS: 9.8 • EPSS: 82% • CPEs: 47 • EXPL: 0

02 Jun 2006 — Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •

CVSS: 7.5 • EPSS: 29% • CPEs: 47 • EXPL: 0

02 Jun 2006 — Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. • http://secunia.com/advisories/20376 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8 • EPSS: 41% • CPEs: 2 • EXPL: 0

02 Jun 2006 — The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •

CVSS: 7.5 • EPSS: 58% • CPEs: 1 • EXPL: 2

01 Jun 2006 — Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. • https://www.exploit-db.com/exploits/1867 •

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 1

26 May 2006 — Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allow remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. • http://secunia.com/advisories/20244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 May 2006 — IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain JavaScript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. • http://www.securityfocus.com/archive/1/434280/100/0/threaded •

CVSS: 6.5 • EPSS: 2% • CPEs: 1 • EXPL: 0

12 May 2006 — Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. • http://securityreason.com/securityalert/876 •