
CVSS: 4.3 | EPSS: 14% | CPEs: 2 | EXPL: 0

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20376 http://secunia.com/advisories/20382 http://secunia.com/advisories/20561 http://secunia.com/advisories/20709 http://secunia.com/advisories/21134 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3 | EPSS: 50% | CPEs: 2 | EXPL: 0

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20376 http://secunia.com/advisories/20382 http://secunia.com/advisories/20561 http://secunia.com/advisories/20709 http://secunia.com/advisories/21134 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21188 http://secunia.com/advisories/21210 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.4 | EPSS: 31% | CPEs: 2 | EXPL: 0

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20382 http://secunia.com/advisories/20394 http://secunia.com/advisories/20709 http://secunia.com/advisories/21134 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21210 http://secunia.com/advisories/21269 http://secunia.com/advisories/21324 http://secunia.com/advisories/21336 http://secunia.com/advisories/21607 http://secunia.com/advisories&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3 | EPSS: 97% | CPEs: 43 | EXPL: 0

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, or (6) an iframe that attempts to remove itself, which leads to memory corruption. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/20376 http://secunia.com/advisories/20382 http://secunia.com/advisories/20561 http://secunia.com/advisories/20709 http://secunia.com/advisories/21134 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21188 http://secunia.com/advisories/21210 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5 | EPSS: 20% | CPEs: 47 | EXPL: 0

Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. • http://secunia.com/advisories/20376 http://secunia.com/advisories/20382 http://secunia.com/advisories/20561 http://secunia.com/advisories/20709 http://secunia.com/advisories/21176 http://secunia.com/advisories/21178 http://secunia.com/advisories/21183 http://secunia.com/advisories/21188 http://secunia.com/advisories/21210 http://secunia.com/advisories/21324 http://secunia.com/advisories/21532 http://secunia.com/advisories/21607 http://secunia.com/advisories/22065 http:/& • CWE-264: Permissions, Privileges, and Access Controls •