
CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 1

Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. • http://secunia.com/advisories/20244 http://secunia.com/advisories/20255 http://secunia.com/advisories/20256 http://secunia.com/advisories/21532 http://securityreason.com/securityalert/960 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.securityfocus.com/archive/1/434696/100/0/threaded https://bugzilla.mozilla.org/attachment.cgi?id=164547 https://bugzilla.mozilla.org/show_bug.cgi?id=267645 https&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain JavaScript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. • http://www.securityfocus.com/archive/1/434280/100/0/threaded http://www.securityfocus.com/archive/1/434519/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26540 •

CVSS: 2.6 • EPSS: 2% • CPEs: 1 • EXPL: 0

Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. • http://securityreason.com/securityalert/876 http://www.securityfocus.com/archive/1/433534/100/0/threaded http://www.securityfocus.com/archive/1/433568/100/0/threaded http://www.securityfocus.com/archive/1/433984/30/5010/threaded http://www.securityview.org/confirmed-bug-in-firefox-1503.html •

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. • http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html http://www.securityfocus.com/archive/1/432009/100/0/threaded http://www.vupen.com/english/advisories/2006/1538 https://exchange.xforce.ibmcloud.com/vulnerabilities/26118 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 5.1 • EPSS: 96% • CPEs: 1 • EXPL: 4

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. • https://www.exploit-db.com/exploits/1716 http://secunia.com/advisories/19802 http://secunia.com/advisories/20015 http://secunia.com/advisories/20019 http://secunia.com/advisories/20070 http://secunia.com/advisories/20214 http://secunia.com/advisories/22066 http://securityreason.com/securityalert/780 http://securitytracker.com/id?1015981 http://www.debian.org/security/2006/dsa-1053 http://www.debian.org/security/2006/dsa-1055 http://www.gentoo.org/security/en/glsa/glsa& • CWE-399: Resource Management Errors •