CVSS: 9.8EPSS: 1%CPEs: 35EXPL: 2CVE-2005-1156
https://notcve.org/view.php?id=CVE-2005-1156
18 Apr 2005 — Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.8EPSS: 53%CPEs: 34EXPL: 1CVE-2005-1155
https://notcve.org/view.php?id=CVE-2005-1155
18 Apr 2005 — The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 1%CPEs: 35EXPL: 2CVE-2005-1157
https://notcve.org/view.php?id=CVE-2005-1157
18 Apr 2005 — Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 8.8EPSS: 3%CPEs: 34EXPL: 0CVE-2005-1153
https://notcve.org/view.php?id=CVE-2005-1153
18 Apr 2005 — Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.8EPSS: 0%CPEs: 34EXPL: 0CVE-2005-1160
https://notcve.org/view.php?id=CVE-2005-1160
18 Apr 2005 — The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 8.8EPSS: 88%CPEs: 46EXPL: 0CVE-2005-0399
https://notcve.org/view.php?id=CVE-2005-0399
24 Mar 2005 — Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 8.8EPSS: 4%CPEs: 31EXPL: 2CVE-2005-0401
https://notcve.org/view.php?id=CVE-2005-0401
24 Mar 2005 — FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." • http://marc.info/?l=bugtraq&m=111168413007891&w=2 •
CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0CVE-2005-0584
https://notcve.org/view.php?id=CVE-2005-0584
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. • http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2005-0590
https://notcve.org/view.php?id=CVE-2005-0590
28 Feb 2005 — The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. • http://secunia.com/advisories/19823 •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2005-0588
https://notcve.org/view.php?id=CVE-2005-0588
28 Feb 2005 — Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. • http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml •