CVSS: 9.3EPSS: 22%CPEs: 27EXPL: 0CVE-2006-0748 – Mozilla Firefox Table Rebuilding Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0748
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious e-mail. The specific flaw exists within the routine RebuildConsideringRows() during the rebuilding of nonsensical table tags. When the Mozilla engine attempts to fix the malformed table, an attacker is capable of triggering a memory corruption that can lead to code execution from user-supplied data. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://secunia.com/advisories/19759 http://secunia.com/advisories/19794 http://secunia.com/advisories/19811 http://secunia.com/advisories/19821 http://secunia.com/advisories/19823 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http:& • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 20%CPEs: 4EXPL: 0CVE-2006-1530
https://notcve.org/view.php?id=CVE-2006-1530
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt http://secunia.com/advisories/19631 http://secunia.com/advisories/19649 http://secunia.com/advisories/19863 http://secunia.com/advisories/19941 http://secunia.com/advisories/21033 http://secunia.com/advisories/22065 http://secunia.com/advisories/22066 http://securitytracker.com/id?1015919 http://securitytracker.com/id?1015920 http://securitytracker.com/id?1015921 http://www.debian.org/security/2006/ds •
CVSS: 4.3EPSS: 7%CPEs: 23EXPL: 0CVE-2006-1732
https://notcve.org/view.php?id=CVE-2006-1732
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 0CVE-2006-1531
https://notcve.org/view.php?id=CVE-2006-1531
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt http://secunia.com/advisories/19631 http://secunia.com/advisories/19649 http://secunia.com/advisories/19863 http://secunia.com/advisories/19941 http://secunia.com/advisories/21033 http://secunia.com/advisories/22065 http://secunia.com/advisories/22066 http://securitytracker.com/id?1015919 http://securitytracker.com/id?1015920 http://securitytracker.com/id?1015921 http://www.debian.org/security/2006/ds •
CVSS: 2.6EPSS: 3%CPEs: 1EXPL: 2CVE-2006-1045 – Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1045
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. • https://www.exploit-db.com/exploits/27337 http://secunia.com/advisories/19821 http://secunia.com/advisories/19823 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/19950 http://secunia.com/advisories/20051 http://secunia.com/advisories/22065 http://securityreason.com/securityalert/514 http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051 http:/&#x •