CVSS: 2.6EPSS: 12%CPEs: 30EXPL: 0CVE-2006-1740
https://notcve.org/view.php?id=CVE-2006-1740
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x •
CVSS: 5.0EPSS: 7%CPEs: 30EXPL: 0CVE-2006-1742
https://notcve.org/view.php?id=CVE-2006-1742
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x •
CVSS: 4.3EPSS: 91%CPEs: 24EXPL: 2CVE-2006-0496 – Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting
https://notcve.org/view.php?id=CVE-2006-0496
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. Vulnerabilidad de XSS en Mozilla 1.7.12 y posiblemente versiones anteriores, Mozilla Firefox 1.0.7 y posiblemente versiones anteriores y Netscape 8.1 y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de propiedad CSS (Cascading Style Sheets) -moz-binding, lo que no requiere que la hoja de estilos tenga el mismo origen que la página web, como es demostrado por el compromiso de un gran número de cuentas de LiveJournal. • https://www.exploit-db.com/exploits/27150 http://community.livejournal.com/lj_dev/708069.html http://marc.info/?l=full-disclosure&m=113847912709062&w=2 http://securitytracker.com/id?1015553 http://securitytracker.com/id?1015563 http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html http://www.osvdb.org/22924 http://www.securityfocus.com/bid/16427 http://www.vupen.com/english/advisories/2006/0403 https://bugzilla.mozilla.org/show_bug.cgi?id=324253& •
CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0CVE-2005-4685
https://notcve.org/view.php?id=CVE-2005-4685
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html http://www.securityfocus.com/bid/15331 https://exchange.xforce.ibmcloud.com/vulnerabilities/25291 •
CVSS: 7.5EPSS: 91%CPEs: 12EXPL: 0CVE-2005-2701
https://notcve.org/view.php?id=CVE-2005-2701
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16911 http://secunia.com/advisories/16917 http://secunia.com/advisories/16977 http://secunia.com/advisories/17014 http://secunia.com/advisories/17026 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securitytracker.com/id?1014954 http://www.debian.org/security/2005/dsa-838 http://www.debian.org/secur •