Page 254 of 1298 results (0.011 seconds)

CVSS: 9.3EPSS: 95%CPEs: 18EXPL: 3

CVE-2006-0884 – Mozilla (Multiple Products) - iFrame JavaScript Execution

https://notcve.org/view.php?id=CVE-2006-0884

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. • https://www.exploit-db.com/exploits/27257 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19721 http://secunia.com/advisories/19811 http://secunia.com/advisories/19821 http://secunia.com/advisories/19823 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 • CWE-20: Improper Input Validation •

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 3

CVE-2006-0836 – Mozilla Thunderbird 1.5 - Address Book Import Remote Denial of Service

https://notcve.org/view.php?id=CVE-2006-0836

Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. • https://www.exploit-db.com/exploits/27246 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0399.html http://securityreason.com/securityalert/469 http://www.securityfocus.com/archive/1/425602/100/0/threaded http://www.securityfocus.com/bid/16716 https://exchange.xforce.ibmcloud.com/vulnerabilities/24810 •

CVSS: 6.4EPSS: 17%CPEs: 5EXPL: 0

CVE-2006-0299

https://notcve.org/view.php?id=CVE-2006-0299

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-08.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=322312 https://exc •

CVSS: 5.1EPSS: 93%CPEs: 5EXPL: 0

CVE-2006-0297

https://notcve.org/view.php?id=CVE-2006-0297

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-06.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=319872 https://bug •

CVSS: 7.5EPSS: 87%CPEs: 22EXPL: 0

CVE-2006-0294

https://notcve.org/view.php?id=CVE-2006-0294

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-02.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=317934 https://exc •