Total
1349 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0299 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 6.4 MEDIUM | N/A |
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. | |||||
CVE-2006-0749 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. | |||||
CVE-2006-1726 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. | |||||
CVE-2005-0590 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. | |||||
CVE-2006-1724 | 2 Debian, Mozilla | 5 Debian Linux, Firefox, Mozilla Suite and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. | |||||
CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | |||||
CVE-2006-3807 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. | |||||
CVE-2006-1742 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | |||||
CVE-2006-2779 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. | |||||
CVE-2006-1529 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
CVE-2006-1735 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | |||||
CVE-2006-0748 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. | |||||
CVE-2006-0295 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 5.1 MEDIUM | N/A |
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | |||||
CVE-2006-1045 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | |||||
CVE-2006-0236 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 5.1 MEDIUM | N/A |
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. | |||||
CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 2.6 LOW | N/A |
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | |||||
CVE-2006-0884 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | 9.3 HIGH | N/A |
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. | |||||
CVE-2006-3810 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. | |||||
CVE-2005-4809 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. | |||||
CVE-2006-3806 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." |