CVSS: 7.5EPSS: 36%CPEs: 27EXPL: 0CVE-2006-5464
https://notcve.org/view.php?id=CVE-2006-5464
08 Nov 2006 — Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. Múltiples vulnerabilidades sin especificar en el diseño del motor del Mozilla Firefox en versiones anteriores a la 1.5.0.8, del Thunderbird en versiones anteriores a la 1.5.0.8 y del SeaMonkey en versiones anteriores a la 1.0.6, permite a atacantes remotos provocar una denegació... • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 0CVE-2006-4571 – seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
https://notcve.org/view.php?id=CVE-2006-4571
15 Sep 2006 — Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. Múltiples vulnerabilidades no especificadas en FireFox anteriores a 1.5.0.7, Thunderbird anteriores 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto provocar dene... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 0CVE-2006-4570
https://notcve.org/view.php?id=CVE-2006-4570
15 Sep 2006 — Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. Mozilla thunderbird anteriores a 1.5.0.7 y SeaMonkey anterior a 1.0.5, con la "carga de imágenes" (Load Images) habilitada, permite a un atacante remoto con la complicidad del usuario evitar la configuración que deshabilita... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4568
https://notcve.org/view.php?id=CVE-2006-4568
15 Sep 2006 — Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. Mozilla FireFox anterior a 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto evitar el modelo de seguridad e inyectar contenidos dentro de una sub-estructura de otro sitio a través de targetWindow.frames[n].document.open(), el cual facilita ... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 84%CPEs: 3EXPL: 0CVE-2006-4566
https://notcve.org/view.php?id=CVE-2006-4566
15 Sep 2006 — Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior 1.5.0.7, y SeaMonkey anterior 1.0.5 permite a atacantes remotos provocar denegación de servicio(crash) a través de expresiones regulares mal formadas JavaScr... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc •
CVSS: 7.4EPSS: 85%CPEs: 4EXPL: 0CVE-2006-4340
https://notcve.org/view.php?id=CVE-2006-4340
15 Sep 2006 — Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fi... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2006-4565
https://notcve.org/view.php?id=CVE-2006-4565
15 Sep 2006 — Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." Desbordamiento de bufer en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior 1.5.0.7, y SeaMonkey anterior 1.0.5 permite a un atacante remoto provocar denegación de servicio (crash) y la posibilidad de ejecutar código de su el... • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 8%CPEs: 6EXPL: 3CVE-2006-2894 – Mozilla Firefox 1.x - JavaScript Key Filtering
https://notcve.org/view.php?id=CVE-2006-2894
07 Jun 2006 — Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the ... • https://www.exploit-db.com/exploits/27987 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 54%CPEs: 25EXPL: 0CVE-2006-2777
https://notcve.org/view.php?id=CVE-2006-2777
02 Jun 2006 — Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. • http://secunia.com/advisories/20376 •
CVSS: 7.5EPSS: 96%CPEs: 29EXPL: 0CVE-2006-1738
https://notcve.org/view.php?id=CVE-2006-1738
14 Apr 2006 — Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •