CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1273
https://notcve.org/view.php?id=CVE-2006-1273
19 Mar 2006 — Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself • http://osvdb.org/31833 •
CVSS: 9.8EPSS: 16%CPEs: 5EXPL: 0CVE-2006-0299
https://notcve.org/view.php?id=CVE-2006-0299
02 Feb 2006 — The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. • http://secunia.com/advisories/18700 •
CVSS: 9.1EPSS: 9%CPEs: 4EXPL: 1CVE-2006-0298
https://notcve.org/view.php?id=CVE-2006-0298
02 Feb 2006 — The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. • http://secunia.com/advisories/18700 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 90%CPEs: 5EXPL: 0CVE-2006-0297
https://notcve.org/view.php?id=CVE-2006-0297
02 Feb 2006 — Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700 •
CVSS: 9.8EPSS: 96%CPEs: 4EXPL: 3CVE-2006-0295 – Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution
https://notcve.org/view.php?id=CVE-2006-0295
02 Feb 2006 — Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. • https://www.exploit-db.com/exploits/1474 •
CVSS: 9.8EPSS: 85%CPEs: 1EXPL: 0CVE-2006-0293
https://notcve.org/view.php?id=CVE-2006-0293
02 Feb 2006 — The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. • http://secunia.com/advisories/18700 •
CVSS: 9.8EPSS: 81%CPEs: 22EXPL: 0CVE-2006-0294
https://notcve.org/view.php?id=CVE-2006-0294
02 Feb 2006 — Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 •
CVSS: 9.8EPSS: 95%CPEs: 21EXPL: 0CVE-2006-0296
https://notcve.org/view.php?id=CVE-2006-0296
02 Feb 2006 — The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 48%CPEs: 25EXPL: 0CVE-2006-0292
https://notcve.org/view.php?id=CVE-2006-0292
02 Feb 2006 — The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 6.1EPSS: 90%CPEs: 24EXPL: 2CVE-2006-0496 – Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting
https://notcve.org/view.php?id=CVE-2006-0496
01 Feb 2006 — Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. Vulnerabilidad de XSS en Mozilla 1.7.12 y posiblemente versiones a... • https://www.exploit-db.com/exploits/27150 •