Page 258 of 1317 results (0.014 seconds)

CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 3

Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. • https://www.exploit-db.com/exploits/27246 http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0399.html http://securityreason.com/securityalert/469 http://www.securityfocus.com/archive/1/425602/100/0/threaded http://www.securityfocus.com/bid/16716 https://exchange.xforce.ibmcloud.com/vulnerabilities/24810 •

CVSS: 6.4EPSS: 17%CPEs: 5EXPL: 0

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-08.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=322312 https://exc •

CVSS: 5.1EPSS: 93%CPEs: 5EXPL: 0

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-06.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=319872 https://bug •

CVSS: 5.1EPSS: 97%CPEs: 4EXPL: 3

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. Mozilla Firefox versions 1.5 and below remote command execution interface that makes use of location.QueryInterface(). Max OS X version. • https://www.exploit-db.com/exploits/1474 https://www.exploit-db.com/exploits/16301 https://www.exploit-db.com/exploits/1480 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.kb.cert.org/vuls/id/759273 http://www.mozilla.org/security/announce/2006/mfsa2006-04.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/ •

CVSS: 7.5EPSS: 87%CPEs: 22EXPL: 0

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.mozilla.org/security/announce/2006/mfsa2006-02.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3749 https://bugzilla.mozilla.org/show_bug.cgi?id=317934 https://exc •