CVSS: 9.8EPSS: 94%CPEs: 12EXPL: 0CVE-2006-3803
https://notcve.org/view.php?id=CVE-2006-3803
27 Jul 2006 — Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. Condición de carrera en el colector de basura JavaSCript en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 podría perm... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 7.5EPSS: 15%CPEs: 7EXPL: 0CVE-2006-3804
https://notcve.org/view.php?id=CVE-2006-3804
27 Jul 2006 — Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. Desbordamiento de búfer basado en pila en Mozilla Thunderbird anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos provocar denegación de servicio (caida) a través de una adjunto Vcard con un campo base64 mal formado... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 88%CPEs: 12EXPL: 0CVE-2006-3807
https://notcve.org/view.php?id=CVE-2006-3807
27 Jul 2006 — Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección a través de la secuencia de comandos que cambian ... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc •
CVSS: 9.8EPSS: 96%CPEs: 12EXPL: 0CVE-2006-3806
https://notcve.org/view.php?id=CVE-2006-3806
27 Jul 2006 — Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." Múltiples desbordamientos de búfer de enteros en el motor JavaScript en Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a... • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 96%CPEs: 9EXPL: 3CVE-2006-3677 – Mozilla Firefox Javascript navigator Object Vulnerability
https://notcve.org/view.php?id=CVE-2006-3677
26 Jul 2006 — Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. Mozilla Firefox 1.5 anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección cambiando ciertas propiedades del objeto de la ventana de navegación (window.navigator) que es accedid... • https://www.exploit-db.com/exploits/2082 • CWE-16: Configuration •
CVSS: 8.1EPSS: 8%CPEs: 6EXPL: 3CVE-2006-2894 – Mozilla Firefox 1.x - JavaScript Key Filtering
https://notcve.org/view.php?id=CVE-2006-2894
07 Jun 2006 — Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the ... • https://www.exploit-db.com/exploits/27987 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 0CVE-2006-2781 – (seamonkey): DOS/arbitrary code execution vuln with vcards
https://notcve.org/view.php?id=CVE-2006-2781
02 Jun 2006 — Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 94%CPEs: 2EXPL: 0CVE-2006-2782
https://notcve.org/view.php?id=CVE-2006-2782
02 Jun 2006 — Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 54%CPEs: 25EXPL: 0CVE-2006-2777
https://notcve.org/view.php?id=CVE-2006-2777
02 Jun 2006 — Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. • http://secunia.com/advisories/20376 •
CVSS: 7.5EPSS: 96%CPEs: 29EXPL: 0CVE-2006-1738
https://notcve.org/view.php?id=CVE-2006-1738
14 Apr 2006 — Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •