CVE-2006-0299
- EPSS 1.97%
- Veröffentlicht 02.02.2006 23:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange info...
CVE-2006-0297
- EPSS 3.85%
- Veröffentlicht 02.02.2006 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSu...
CVE-2006-0298
- EPSS 2.71%
- Veröffentlicht 02.02.2006 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
CVE-2006-0292
- EPSS 4.47%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:16
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garb...
CVE-2006-0293
- EPSS 3.65%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:16
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that opera...
CVE-2006-0294
- EPSS 4.82%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:16
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o...
CVE-2006-0295
- EPSS 70.74%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory...
- EPSS 4.04%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf fil...
CVE-2006-0496
- EPSS 2.61%
- Veröffentlicht 01.02.2006 02:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:43
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (C...
CVE-2005-4685
- EPSS 1.15%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:19:14
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of ...