CVSS: 7.5EPSS: 35%CPEs: 51EXPL: 2CVE-2007-0981 – Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
https://notcve.org/view.php?id=CVE-2007-0981
16 Feb 2007 — Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8... • https://www.exploit-db.com/exploits/3340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 7%CPEs: 30EXPL: 0CVE-2006-5159
https://notcve.org/view.php?id=CVE-2006-5159
03 Oct 2006 — Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succee... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 8.1EPSS: 0%CPEs: 30EXPL: 0CVE-2006-5160
https://notcve.org/view.php?id=CVE-2006-5160
03 Oct 2006 — Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especifica... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 6.4EPSS: 0%CPEs: 30EXPL: 0CVE-2006-3352
https://notcve.org/view.php?id=CVE-2006-3352
06 Jul 2006 — Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their t... • http://isc.sans.org/diary.php?storyid=1448 •
CVSS: 9.8EPSS: 8%CPEs: 24EXPL: 1CVE-2006-2788
https://notcve.org/view.php?id=CVE-2006-2788
02 Jun 2006 — Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 24EXPL: 0CVE-2006-2787
https://notcve.org/view.php?id=CVE-2006-2787
02 Jun 2006 — EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •
CVSS: 9.8EPSS: 23%CPEs: 43EXPL: 0CVE-2006-2779
https://notcve.org/view.php?id=CVE-2006-2779
02 Jun 2006 — Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 30%CPEs: 27EXPL: 0CVE-2006-1529
https://notcve.org/view.php?id=CVE-2006-1529
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 19%CPEs: 27EXPL: 0CVE-2006-1723
https://notcve.org/view.php?id=CVE-2006-1723
14 Apr 2006 — Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 13%CPEs: 27EXPL: 0CVE-2006-0748 – Mozilla Firefox Table Rebuilding Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0748
14 Apr 2006 — Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla/Firefox web browser and Thunderbird e-mail client. User interaction is required to exploit this vulnerability in that the... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-399: Resource Management Errors •