CVSS: 7.5EPSS: 87%CPEs: 22EXPL: 0CVE-2006-0294
https://notcve.org/view.php?id=CVE-2006-0294
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-02.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=317934 https://exc •
CVSS: 5.1EPSS: 2%CPEs: 7EXPL: 0CVE-2006-0236
https://notcve.org/view.php?id=CVE-2006-0236
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. • http://secunia.com/advisories/15907 http://secunia.com/secunia_research/2005-22/advisory http://www.mandriva.com/security/advisories?name=MDKSA-2006:021 http://www.securityfocus.com/archive/1/422148/100/0/threaded http://www.securityfocus.com/bid/16271 http://www.vupen.com/english/advisories/2006/0230 https://bugzilla.mozilla.org/show_bug.cgi?id=300246 https://exchange.xforce.ibmcloud.com/vulnerabilities/24164 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 11%CPEs: 24EXPL: 2CVE-2005-4809 – Mozilla Suite/Firefox/Thunderbird - Nested Anchor Tag Status Bar Spoofing
https://notcve.org/view.php?id=CVE-2005-4809
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. • https://www.exploit-db.com/exploits/25221 http://marc.info/?l=full-disclosure&m=111073068631287&w=2 http://secunia.com/advisories/14568 http://securitytracker.com/id?1013423 http://www.osvdb.org/14885 http://www.securityfocus.com/bid/12798 http://www.vupen.com/english/advisories/2005/0260 https://exchange.xforce.ibmcloud.com/vulnerabilities/19540 •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3402
https://notcve.org/view.php?id=CVE-2005-3402
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. • http://marc.info/?l=bugtraq&m=113028017608146&w=2 http://marc.info/?l=bugtraq&m=113034421329653&w=2 http://www.securityfocus.com/bid/15106 https://bugzilla.mozilla.org/show_bug.cgi?id=311657 •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 1CVE-2005-2602
https://notcve.org/view.php?id=CVE-2005-2602
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. • http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1682 http://www.securityfocus.com/archive/1/407704 http://www.securityfocus.com/bid/14526 •