
CVSS: 7.5 | EPSS: 95% | CPEs: 25 | EXPL: 0

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

References:
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://secunia.com/advisories/18700
http://secunia.com/advisories/18703
http://secunia.com/advisories/18704
http://secunia.com/advisories/18705
http://secunia.com/advisories/18706
http://secunia.com/advisories/18708
http://secunia.com/advisories/18709
http://secunia.com/advisories/19230
http://secunia.com/advisories/19746

CVSS: 4.3 | EPSS: 91% | CPEs: 24 | EXPL: 2

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

References:
https://www.exploit-db.com/exploits/27150
http://community.livejournal.com/lj_dev/708069.html
http://marc.info/?l=full-disclosure&m=113847912709062&w=2
http://securitytracker.com/id?1015553
http://securitytracker.com/id?1015563
http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
http://www.osvdb.org/22924
http://www.securityfocus.com/bid/16427
http://www.vupen.com/english/advisories/2006/0403
https://bugzilla.mozilla.org/show_bug.cgi?id=324253&

CVSS: 6.4 | EPSS: 0% | CPEs: 79 | EXPL: 0

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html
http://www.securityfocus.com/bid/15331
https://exchange.xforce.ibmcloud.com/vulnerabilities/25291

CVSS: 5.0 | EPSS: 11% | CPEs: 24 | EXPL: 2

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

References:
https://www.exploit-db.com/exploits/25221
http://marc.info/?l=full-disclosure&m=111073068631287&w=2
http://secunia.com/advisories/14568
http://securitytracker.com/id?1013423
http://www.osvdb.org/14885
http://www.securityfocus.com/bid/12798
http://www.vupen.com/english/advisories/2005/0260
https://exchange.xforce.ibmcloud.com/vulnerabilities/19540

CVSS: 7.5 | EPSS: 91% | CPEs: 12 | EXPL: 0

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

References:
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/16911
http://secunia.com/advisories/16917
http://secunia.com/advisories/16977
http://secunia.com/advisories/17014
http://secunia.com/advisories/17026
http://secunia.com/advisories/17149
http://secunia.com/advisories/17263
http://secunia.com/advisories/17284
http://securitytracker.com/id?1014954
http://www.debian.org/security/2005/dsa-838
http://www.debian.org/secur