CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0CVE-2005-4685
https://notcve.org/view.php?id=CVE-2005-4685
31 Dec 2005 — Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html •
CVSS: 7.5EPSS: 27%CPEs: 11EXPL: 1CVE-2005-4134 – Mozilla Firefox 0.x/1.x - Large History File Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4134
09 Dec 2005 — Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this ... • https://www.exploit-db.com/exploits/26762 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2005-3896
https://notcve.org/view.php?id=CVE-2005-3896
29 Nov 2005 — Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. • http://marc.info/?l=bugtraq&m=113262115201500&w=2 •
CVSS: 9.8EPSS: 8%CPEs: 12EXPL: 0CVE-2005-2701
https://notcve.org/view.php?id=CVE-2005-2701
23 Sep 2005 — Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.8EPSS: 7%CPEs: 12EXPL: 0CVE-2005-2702
https://notcve.org/view.php?id=CVE-2005-2702
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.1EPSS: 4%CPEs: 12EXPL: 0CVE-2005-2703
https://notcve.org/view.php?id=CVE-2005-2703
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2005-2704
https://notcve.org/view.php?id=CVE-2005-2704
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.8EPSS: 7%CPEs: 12EXPL: 0CVE-2005-2705
https://notcve.org/view.php?id=CVE-2005-2705
23 Sep 2005 — Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 9.1EPSS: 3%CPEs: 12EXPL: 0CVE-2005-2706
https://notcve.org/view.php?id=CVE-2005-2706
23 Sep 2005 — Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0CVE-2005-2707
https://notcve.org/view.php?id=CVE-2005-2707
23 Sep 2005 — Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •