
CVSS: 2.6 | EPSS: 2% | CPEs: 1 | EXPL: 0

Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.

• http://securityreason.com/securityalert/876
• http://www.securityfocus.com/archive/1/433534/100/0/threaded
• http://www.securityfocus.com/archive/1/433568/100/0/threaded
• http://www.securityfocus.com/archive/1/433984/30/5010/threaded
• http://www.securityview.org/confirmed-bug-in-firefox-1503.html

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

• http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html
• http://www.securityfocus.com/archive/1/432009/100/0/threaded
• http://www.vupen.com/english/advisories/2006/1538
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26118

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 5.1 | EPSS: 96% | CPEs: 1 | EXPL: 4

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.

• https://www.exploit-db.com/exploits/1716
• http://secunia.com/advisories/19802
• http://secunia.com/advisories/20015
• http://secunia.com/advisories/20019
• http://secunia.com/advisories/20070
• http://secunia.com/advisories/20214
• http://secunia.com/advisories/22066
• http://securityreason.com/securityalert/780
• http://securitytracker.com/id?1015981
• http://www.debian.org/security/2006/dsa-1053
• http://www.debian.org/security/2006/dsa-1055
• http://www.gentoo.org/security/en/glsa/glsa&

CWE-399: Resource Management Errors

CVSS: 5.1 | EPSS: 1% | CPEs: 5 | EXPL: 0

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

• http://secunia.com/advisories/19698
• http://secunia.com/advisories/19988
• http://secunia.com/advisories/20063
• http://secunia.com/advisories/20376
• http://secunia.com/advisories/21176
• http://secunia.com/advisories/21183
• http://secunia.com/advisories/21324
• http://secunia.com/advisories/22066
• http://securitytracker.com/id?1016202
• http://www.debian.org/security/2006/dsa-1118
• http://www.debian.org/security/2006/dsa-1120
• http://www.debian.org/security/2006/dsa-1134
• http:/&#

CVSS: 10.0 | EPSS: 96% | CPEs: 1 | EXPL: 0

A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

• ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
• ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
• http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
• http://secunia.com/advisories/19631
• http://secunia.com/advisories/19714
• http://secunia.com/advisories/19721
• http://secunia.com/advisories/19729
• http://secunia.com/advisories/19746
• http://secunia.com/advisories/19759
• http://secunia.com/advisories/19780
• http:&#x

CWE-399: Resource Management Errors