CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2006-4561
https://notcve.org/view.php?id=CVE-2006-4561
Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. Mozilla Firefox 1.5.0.6 permite a un atacante remoto ejecutar código JavaScript de su elección en el contexto de una sesión del navegador con un servidor web de intranet de su elección, a través de la secuencia de comandos del alojamiento sobre un servidor web de Internet que puede hace inaccesible a través del ataque y que tiene un nombre de dominio bajo el cotrol del atacante, lo cuál puede forzar al navegador reducir el DNS que fija y realizar una nueva pregunta al DNS para el nombre de dominio después de que la secuencia de comandos esté ya funcionando. • http://osvdb.org/31834 http://polyboy.net/xss/dnsslurp.html http://shampoo.antville.org/stories/1451301 http://www.securityfocus.com/archive/1/443209/100/200/threaded •
CVSS: 4.3EPSS: 11%CPEs: 1EXPL: 1CVE-2006-4310 – Novell Identity Manager - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2006-4310
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. Mozilla Firefox 1.5.0.6 permite a un atacante remoto provocar denegación de servicio (caida) a través de una respueta FTP manipulada, cuando al intentamos conectar con un nombre de usuario y una contraseña a través del URI del ftp. • https://www.exploit-db.com/exploits/28427 http://secunia.com/advisories/23197 http://secunia.com/advisories/23202 http://secunia.com/advisories/23235 http://securityreason.com/securityalert/1444 http://www.debian.org/security/2006/dsa-1224 http://www.debian.org/security/2006/dsa-1225 http://www.debian.org/security/2006/dsa-1227 http://www.securityfocus.com/archive/1/444064/100/0/threaded http://www.securityfocus.com/bid/19678 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 96%CPEs: 28EXPL: 1CVE-2006-4253 – Mozilla Firefox 1.0.x - JavaScript Handler Race Condition Memory Corruption
https://notcve.org/view.php?id=CVE-2006-4253
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. Vulnerabilidad de concurrencia en Mozilla Firefox 1.5.0.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante múltiples eventos Javascript temporizados que cargan un archivo XML profundamente anidado, seguido por una redirección del navegador hacia ora página, lo cual lleva a un fallo de concurencia que provoca que se liberen estructuras incorrectamente, como ha sido demostrado por (1) ffoxdie y (2) ffoxdie3. • https://www.exploit-db.com/exploits/28380 ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://lcamtuf.coredump.cx/ffoxdie.html http://lcamtuf.coredump.cx/ffoxdie3.html http://secunia.com/advisories/21513 http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 3%CPEs: 21EXPL: 0CVE-2006-3812 – vulnerabilities: CVE-2006-{3113,3677,3801-3812}
https://notcve.org/view.php?id=CVE-2006-3812
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos referenciar archivos remotos y posiblemente cargar chrome: URLs engañando al usuario en acoplamientos de copiado o arrastrando enlaces. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21262 http://secunia.com/advisories/21270 http://secunia.com/advisories/21275 http://secunia.com/advisories/21336 http://secunia.com/advisories&#x •
CVSS: 6.8EPSS: 32%CPEs: 12EXPL: 0CVE-2006-3810
https://notcve.org/view.php?id=CVE-2006-3810
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del constructor XPCNativeWrapper(window).Function. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x •