CVSS: 9.8EPSS: 67%CPEs: 4EXPL: 0CVE-2006-1531
https://notcve.org/view.php?id=CVE-2006-1531
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 53%CPEs: 7EXPL: 0CVE-2006-1724
https://notcve.org/view.php?id=CVE-2006-1724
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 72%CPEs: 9EXPL: 0CVE-2006-1728
https://notcve.org/view.php?id=CVE-2006-1728
14 Apr 2006 — Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 6.1EPSS: 20%CPEs: 30EXPL: 0CVE-2006-1731
https://notcve.org/view.php?id=CVE-2006-1731
14 Apr 2006 — Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 16%CPEs: 5EXPL: 0CVE-2006-0299
https://notcve.org/view.php?id=CVE-2006-0299
02 Feb 2006 — The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. • http://secunia.com/advisories/18700 •
CVSS: 9.1EPSS: 9%CPEs: 4EXPL: 1CVE-2006-0298
https://notcve.org/view.php?id=CVE-2006-0298
02 Feb 2006 — The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. • http://secunia.com/advisories/18700 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 90%CPEs: 5EXPL: 0CVE-2006-0297
https://notcve.org/view.php?id=CVE-2006-0297
02 Feb 2006 — Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. • http://secunia.com/advisories/18700 •
CVSS: 9.8EPSS: 96%CPEs: 4EXPL: 3CVE-2006-0295 – Mozilla Firefox 1.5 (Linux) - 'location.QueryInterface()' Code Execution
https://notcve.org/view.php?id=CVE-2006-0295
02 Feb 2006 — Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. • https://www.exploit-db.com/exploits/1474 •
CVSS: 9.8EPSS: 81%CPEs: 22EXPL: 0CVE-2006-0294
https://notcve.org/view.php?id=CVE-2006-0294
02 Feb 2006 — Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. • http://secunia.com/advisories/18700 •
CVSS: 9.8EPSS: 95%CPEs: 21EXPL: 0CVE-2006-0296
https://notcve.org/view.php?id=CVE-2006-0296
02 Feb 2006 — The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •