Page 3 of 120 results (0.005 seconds)

CVSS: 4.0EPSS: 8%CPEs: 6EXPL: 3

CVE-2006-2894 – Mozilla Firefox 1.x - JavaScript Key Filtering

https://notcve.org/view.php?id=CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. • https://www.exploit-db.com/exploits/27987 https://www.exploit-db.com/exploits/27986 http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.coredump.cx/focusbug http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html http://lists.virus.org/full-disclosure-0702/msg00225.html http://secunia.com/advisories • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

CVE-2006-2613

https://notcve.org/view.php?id=CVE-2006-2613

Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. • http://secunia.com/advisories/20244 http://secunia.com/advisories/20255 http://secunia.com/advisories/20256 http://secunia.com/advisories/21532 http://securityreason.com/securityalert/960 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.securityfocus.com/archive/1/434696/100/0/threaded https://bugzilla.mozilla.org/attachment.cgi?id=164547 https://bugzilla.mozilla.org/show_bug.cgi?id=267645 https&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.1EPSS: 1%CPEs: 5EXPL: 0

CVE-2006-1942

https://notcve.org/view.php?id=CVE-2006-1942

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page." • http://secunia.com/advisories/19698 http://secunia.com/advisories/19988 http://secunia.com/advisories/20063 http://secunia.com/advisories/20376 http://secunia.com/advisories/21176 http://secunia.com/advisories/21183 http://secunia.com/advisories/21324 http://secunia.com/advisories/22066 http://securitytracker.com/id?1016202 http://www.debian.org/security/2006/dsa-1118 http://www.debian.org/security/2006/dsa-1120 http://www.debian.org/security/2006/dsa-1134 http:/&# •

CVSS: 5.0EPSS: 96%CPEs: 11EXPL: 1

CVE-2005-4134 – Mozilla Firefox 0.x/1.x - Large History File Buffer Overflow

https://notcve.org/view.php?id=CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. • https://www.exploit-db.com/exploits/26762 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisori •

CVSS: 7.5EPSS: 1%CPEs: 35EXPL: 2

CVE-2005-1157

https://notcve.org/view.php?id=CVE-2005-1157

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/14938 http://secunia.com/advisories/14992 http://secunia.com/advisories/14996 http://www.mikx.de/firesearching http://www.mozilla.org/security/announce/mfsa2005-38.html http://www.redhat.com/support/errata/RHSA-2005-383.html http://www.redhat.com/support/errata/RHSA-2005-384.html http://www.redhat.com/support/errata/RHSA-2005-386.html http://www.securityfocus.com •