CVSS: 7.5EPSS: 96%CPEs: 2EXPL: 1CVE-2005-2968 – Mozilla Browser/Firefox - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2005-2968
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. • https://www.exploit-db.com/exploits/26288 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://secunia.com/advisories/16869 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17149 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://www.debian.org/security/2005/dsa-866 http://www.debian.org/security/2005/dsa-868 http://www.kb.cert.org/vuls/id/914681 http& •
CVSS: 7.5EPSS: 96%CPEs: 8EXPL: 3CVE-2005-2871 – Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun
https://notcve.org/view.php?id=CVE-2005-2871
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. • https://www.exploit-db.com/exploits/1224 http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html http://marc.info/?l=full-disclosure&m=112624614008387&w=2 http://secunia.com/advisories/16764 http://secunia.com/advisories/16766 http://secunia.com/advisories/16767 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securityreason.com/securityalert/83 http://security •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 1CVE-2005-2602
https://notcve.org/view.php?id=CVE-2005-2602
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. • http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1682 http://www.securityfocus.com/archive/1/407704 http://www.securityfocus.com/bid/14526 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2429
https://notcve.org/view.php?id=CVE-2005-2429
Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. Firefox, cuando abre documentos de Microsoft Word, no fija adecuadamente los permisos en secciones compartidas, lo que permite que atacantes remotos escriban datos arbitrarios en aplicaciones abiertas en Microsoft Office. • http://marc.info/?l=bugtraq&m=112248181422193&w=2 http://secunia.com/advisories/16256 http://www.osvdb.org/18484 https://exchange.xforce.ibmcloud.com/vulnerabilities/24346 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2005-2395
https://notcve.org/view.php?id=CVE-2005-2395
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. Mozilla Firefox 1.0.4 and 1.0.5 no elige el esquema de autentificación más fuerte disponible, como requiere la RFC2617, lo que podría provocar que las credenciales se envíen en texto plano, aunque haya disponible un canal encriptado. • http://securityreason.com/securityalert/8 http://www.osvdb.org/19002 http://www.securiteam.com/securitynews/5PP0L00GUQ.html http://www.securityfocus.com/archive/1/405666 http://www.securityfocus.com/bid/14325 https://bugzilla.mozilla.org/show_bug.cgi?id=281851 https://exchange.xforce.ibmcloud.com/vulnerabilities/22272 •