Total
1520 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6503 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-10-17 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | |||||
| CVE-2006-6497 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-6498 | 1 Mozilla | 4 Firefox, Mozilla, Seamonkey and 1 more | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. | |||||
| CVE-2006-6501 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-10-17 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | |||||
| CVE-2006-5748 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. | |||||
| CVE-2006-5747 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. | |||||
| CVE-2006-5463 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. | |||||
| CVE-2006-5464 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2006-4571 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. | |||||
| CVE-2006-4567 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-17 | 2.6 LOW | N/A |
| Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. | |||||
| CVE-2006-4566 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. | |||||
| CVE-2006-4565 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." | |||||
| CVE-2006-3812 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 2.6 LOW | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. | |||||
| CVE-2006-3810 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. | |||||
| CVE-2006-3809 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. | |||||
| CVE-2006-3811 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context. | |||||
| CVE-2006-3802 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. | |||||
| CVE-2006-3805 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. | |||||
| CVE-2006-3807 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. | |||||
| CVE-2006-3806 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." | |||||