CVSS: 9.3EPSS: 28%CPEs: 3EXPL: 0CVE-2006-4565
https://notcve.org/view.php?id=CVE-2006-4565
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." Desbordamiento de bufer en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior 1.5.0.7, y SeaMonkey anterior 1.0.5 permite a un atacante remoto provocar denegación de servicio (crash) y la posibilidad de ejecutar código de su elección a través de expresiones regulares de JavaScript con una "cuantificación mínima". • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http://secunia.com/advisories/22055 http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 96%CPEs: 3EXPL: 0CVE-2006-4566
https://notcve.org/view.php?id=CVE-2006-4566
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior 1.5.0.7, y SeaMonkey anterior 1.0.5 permite a atacantes remotos provocar denegación de servicio(crash) a través de expresiones regulares mal formadas JavaScript que finalizan con una barra invertida en un juego de caracteres indeterminado ("[\\"), que conduce a un bufer a sobre leerse. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http://secunia.com/advisories/22055 http:/& •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2006-4561
https://notcve.org/view.php?id=CVE-2006-4561
Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. Mozilla Firefox 1.5.0.6 permite a un atacante remoto ejecutar código JavaScript de su elección en el contexto de una sesión del navegador con un servidor web de intranet de su elección, a través de la secuencia de comandos del alojamiento sobre un servidor web de Internet que puede hace inaccesible a través del ataque y que tiene un nombre de dominio bajo el cotrol del atacante, lo cuál puede forzar al navegador reducir el DNS que fija y realizar una nueva pregunta al DNS para el nombre de dominio después de que la secuencia de comandos esté ya funcionando. • http://osvdb.org/31834 http://polyboy.net/xss/dnsslurp.html http://shampoo.antville.org/stories/1451301 http://www.securityfocus.com/archive/1/443209/100/200/threaded •
CVSS: 4.3EPSS: 11%CPEs: 1EXPL: 1CVE-2006-4310 – Novell Identity Manager - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2006-4310
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. Mozilla Firefox 1.5.0.6 permite a un atacante remoto provocar denegación de servicio (caida) a través de una respueta FTP manipulada, cuando al intentamos conectar con un nombre de usuario y una contraseña a través del URI del ftp. • https://www.exploit-db.com/exploits/28427 http://secunia.com/advisories/23197 http://secunia.com/advisories/23202 http://secunia.com/advisories/23235 http://securityreason.com/securityalert/1444 http://www.debian.org/security/2006/dsa-1224 http://www.debian.org/security/2006/dsa-1225 http://www.debian.org/security/2006/dsa-1227 http://www.securityfocus.com/archive/1/444064/100/0/threaded http://www.securityfocus.com/bid/19678 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 96%CPEs: 28EXPL: 1CVE-2006-4253 – Mozilla Firefox 1.0.x - JavaScript Handler Race Condition Memory Corruption
https://notcve.org/view.php?id=CVE-2006-4253
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. Vulnerabilidad de concurrencia en Mozilla Firefox 1.5.0.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante múltiples eventos Javascript temporizados que cargan un archivo XML profundamente anidado, seguido por una redirección del navegador hacia ora página, lo cual lleva a un fallo de concurencia que provoca que se liberen estructuras incorrectamente, como ha sido demostrado por (1) ffoxdie y (2) ffoxdie3. • https://www.exploit-db.com/exploits/28380 ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://lcamtuf.coredump.cx/ffoxdie.html http://lcamtuf.coredump.cx/ffoxdie3.html http://secunia.com/advisories/21513 http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories&#x • CWE-264: Permissions, Privileges, and Access Controls •