CVSS: 4.3EPSS: 5%CPEs: 7EXPL: 1CVE-2006-1741
https://notcve.org/view.php?id=CVE-2006-1741
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http:&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 95%CPEs: 25EXPL: 0CVE-2006-0292
https://notcve.org/view.php?id=CVE-2006-0292
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://secunia.com/advisories/18700 http://secunia.com/advisories/18703 http://secunia.com/advisories/18704 http://secunia.com/advisories/18705 http://secunia.com/advisories/18706 http://secunia.com/advisories/18708 http://secunia.com/advisories/18709 http://secunia.com/advisories/19230 http://secunia.com/advisories/19746 http:/&#x •
CVSS: 6.4EPSS: 0%CPEs: 79EXPL: 0CVE-2005-4685
https://notcve.org/view.php?id=CVE-2005-4685
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html http://www.securityfocus.com/bid/15331 https://exchange.xforce.ibmcloud.com/vulnerabilities/25291 •
CVSS: 5.0EPSS: 2%CPEs: 38EXPL: 1CVE-2005-2263
https://notcve.org/view.php?id=CVE-2005-2263
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. • http://secunia.com/advisories/16043 http://secunia.com/advisories/16059 http://www.ciac.org/ciac/bulletins/p-252.shtml http://www.debian.org/security/2005/dsa-810 http://www.mozilla.org/security/announce/mfsa2005-48.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/security/advisories/2005_45_mozilla.html http://www.redhat.com/support/errata/RHSA-2005-586.html http://www.redhat.com/support/errata/RHSA-2005-587.html http& •
CVSS: 7.5EPSS: 2%CPEs: 38EXPL: 0CVE-2005-2260
https://notcve.org/view.php?id=CVE-2005-2260
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. • http://bugzilla.mozilla.org/show_bug.cgi?id=289940 http://secunia.com/advisories/16043 http://secunia.com/advisories/16044 http://secunia.com/advisories/16059 http://www.ciac.org/ciac/bulletins/p-252.shtml http://www.debian.org/security/2005/dsa-810 http://www.mozilla.org/security/announce/mfsa2005-45.html http://www.networksecurity.fi/advisories/netscape-multiple-issues.html http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.novell.com/linux/secur •