CVE-2006-6501
- EPSS 2.83%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:15
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
CVE-2006-6502
- EPSS 2.28%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:15
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown ...
CVE-2006-6503
- EPSS 3.97%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:15
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: ...
CVE-2006-6504
- EPSS 8.6%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:16
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
CVE-2006-6506
- EPSS 1.71%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:16
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.
CVE-2006-6507
- EPSS 1.65%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:16
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.
CVE-2006-6585
- EPSS 0.99%
- Veröffentlicht 15.12.2006 19:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:25
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated ...
- EPSS 1.96%
- Veröffentlicht 24.11.2006 17:07:00
- Zuletzt bearbeitet 16.06.2026 22:32:25
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matc...
CVE-2006-5463
- EPSS 2.61%
- Veröffentlicht 08.11.2006 22:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:15
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object whi...
CVE-2006-5462
- EPSS 2.63%
- Veröffentlicht 08.11.2006 21:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:14
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature...