CVSS: 6.8EPSS: 74%CPEs: 48EXPL: 0CVE-2006-6498
https://notcve.org/view.php?id=CVE-2006-6498
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. Múltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 y Mozilla 1.7 y puede que versiones anteriores en Solaris; permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) y posiblemente ejecutar código de su elección mediante vectores desconocidos, teniendo impacto desconocido. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& •
CVSS: 6.8EPSS: 14%CPEs: 9EXPL: 0CVE-2006-6503
https://notcve.org/view.php?id=CVE-2006-6503
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos evitar la protección de secuencias de comandos en sitios cruzados (XSS) cambiando el atributo src de un elemento IMG a javascript: URI. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& • CWE-254: 7PK - Security Features •
CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 0CVE-2006-6501
https://notcve.org/view.php?id=CVE-2006-6501
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. Vulnerabilidad no especificada en Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos obtener privilegios e instalar código malicioso mediante la función watch de Javascript. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 5%CPEs: 1EXPL: 0CVE-2006-6507
https://notcve.org/view.php?id=CVE-2006-6507
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. Mozilla Firefox 2.0 anterior a 2.0.0.1 permite a atacantes remotos evitar la protección de secuencias de comandos en sitios cruzados (XSS) mediante vectores relacionados con un error de regresión de Function.prototype. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/23282 http://secunia.com/advisories/23545 http://secunia.com/advisories/23589 http://secunia.com/advisories/23614 http://secunia.com/advisories/23672 http://security.gentoo.org/glsa/glsa-200701-02.xml http://securitytracker.com/id?1017422 http://www.mozilla.org/security/announce/2006/mfsa2006-76.html http://www.novell.com/linux/security/advisories/2006_80_mozilla.html http:& •
CVSS: 9.3EPSS: 92%CPEs: 6EXPL: 0CVE-2006-6504 – Mozilla Firefox SVG Processing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-6504
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos ejecutar código de su elección añadiendo un nodo DOM con un comentario SVG a otro tipo de documento, lo cual desemboca en una corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling of SVG comment objects. Firefox does not correctly handle requests to append SVG comments to elements in other types of documents. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23422 http://secunia.com/advisories& • CWE-94: Improper Control of Generation of Code ('Code Injection') •