CVE-2006-1740
- EPSS 2.48%
- Veröffentlicht 14.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:35
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing ...
- EPSS 3.88%
- Veröffentlicht 14.04.2006 10:02:00
- Zuletzt bearbeitet 16.06.2026 22:23:35
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remot...
CVE-2006-1045
- EPSS 4.86%
- Veröffentlicht 07.03.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:55
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive info...
CVE-2006-0884
- EPSS 7.07%
- Veröffentlicht 24.02.2006 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:28
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript U...
CVE-2006-0836
- EPSS 2.68%
- Veröffentlicht 22.02.2006 02:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:23
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.
CVE-2006-0299
- EPSS 1.97%
- Veröffentlicht 02.02.2006 23:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange info...
CVE-2006-0297
- EPSS 3.85%
- Veröffentlicht 02.02.2006 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSu...
CVE-2006-0294
- EPSS 4.82%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:16
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o...
CVE-2006-0295
- EPSS 70.74%
- Veröffentlicht 02.02.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:20:17
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory...
CVE-2006-0236
- EPSS 2.06%
- Veröffentlicht 18.01.2006 01:07:00
- Zuletzt bearbeitet 16.06.2026 22:20:09
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that ...