CVE-2006-3805
- EPSS 6.48%
- Veröffentlicht 27.07.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:51
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object...
CVE-2006-3808
- EPSS 2.9%
- Veröffentlicht 27.07.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:51
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
CVE-2006-3809
- EPSS 3.04%
- Veröffentlicht 27.07.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:52
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a p...
CVE-2006-3810
- EPSS 3.31%
- Veröffentlicht 27.07.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:52
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
CVE-2006-3811
- EPSS 7.47%
- Veröffentlicht 27.07.2006 20:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:52
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory cor...
CVE-2006-3677
- EPSS 78.36%
- Veröffentlicht 27.07.2006 19:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:32
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a cra...
CVE-2006-3803
- EPSS 4.38%
- Veröffentlicht 27.07.2006 19:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:50
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temp...
CVE-2006-3806
- EPSS 5.36%
- Veröffentlicht 27.07.2006 19:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:51
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSourc...
CVE-2006-3807
- EPSS 5.36%
- Veröffentlicht 27.07.2006 19:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:51
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and callin...
CVE-2006-3731
- EPSS 0.95%
- Veröffentlicht 21.07.2006 14:03:00
- Zuletzt bearbeitet 16.06.2026 22:27:41
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related ...