CVSS: 5.1EPSS: 93%CPEs: 5EXPL: 0CVE-2006-0297
https://notcve.org/view.php?id=CVE-2006-0297
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-06.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=319872 https://bug •
CVSS: 5.1EPSS: 97%CPEs: 4EXPL: 3CVE-2006-0295 – Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution
https://notcve.org/view.php?id=CVE-2006-0295
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. Mozilla Firefox versions 1.5 and below remote command execution interface that makes use of location.QueryInterface(). Max OS X version. • https://www.exploit-db.com/exploits/1474 https://www.exploit-db.com/exploits/16301 https://www.exploit-db.com/exploits/1480 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.kb.cert.org/vuls/id/759273 http://www.mozilla.org/security/announce/2006/mfsa2006-04.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/ •
CVSS: 7.5EPSS: 87%CPEs: 22EXPL: 0CVE-2006-0294
https://notcve.org/view.php?id=CVE-2006-0294
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-02.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=317934 https://exc •
CVSS: 5.1EPSS: 2%CPEs: 7EXPL: 0CVE-2006-0236
https://notcve.org/view.php?id=CVE-2006-0236
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. • http://secunia.com/advisories/15907 http://secunia.com/secunia_research/2005-22/advisory http://www.mandriva.com/security/advisories?name=MDKSA-2006:021 http://www.securityfocus.com/archive/1/422148/100/0/threaded http://www.securityfocus.com/bid/16271 http://www.vupen.com/english/advisories/2006/0230 https://bugzilla.mozilla.org/show_bug.cgi?id=300246 https://exchange.xforce.ibmcloud.com/vulnerabilities/24164 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 11%CPEs: 24EXPL: 2CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 http://marc.info/?l=full-disclosure&m=111073068631287&w=2 http://secunia.com/advisories/14568 http://securitytracker.com/id?1013423 http://www.osvdb.org/14885 http://www.securityfocus.com/bid/12798 http://www.vupen.com/english/advisories/2005/0260 https://exchange.xforce.ibmcloud.com/vulnerabilities/19540 •