Mozilla Thunderbird < 1.5.0.4

The version of Thunderbird installed on the remote Windows host is prior to 1.5.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-31 advisory. - EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript...

SUSE CVE-2006-2775

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL...

OpenDb 1.5.0.4 - Multiple LFI Vulnerability

No description provided by source...

Mozilla Firefox vulnerability in processing content-length header

Overview Mozilla Firefox contains a vulnerability in the processing of content-length header. Kazuho Oku of Cybozu Laboratories, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious website ...

Open Media Collectors Database Multiple Local File Include Vulnerabilities

Open Media Collectors Database OpenDb is prone to multiple local file- include vulnerabilities because it fails to properly sanitize user- supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context o...

Fedora Core 5 : thunderbird-1.5.0.4-1.1.fc5 (2006-717)

Several security issues have been identified that are fixed in this release. Please refer to http://www.mozilla.org/projects/security/known-vulnerabilities.htmlth underbird1.5.0.4 for details. Users of Thunderbird are advised to update to this package, which contains version 1.5.0.4 of Thunderbir...

Fedora Core 5 : firefox-1.5.0.4-1.2.fc5 (2006-715)

Several security issues have been identified that are fixed in this release. Please refer to http://www.mozilla.org/projects/security/known-vulnerabilities.htmlfi refox1.5.0.4 for details. Users of Firefox are advised to update to this package, which contains version 1.5.0.4 of Firefox and is not...

Mozilla Foundation Security Advisory 2006-73

Mozilla Foundation Security Advisory 2006-73 Title: Mozilla SVG Processing Remote Code Execution Impact: Critical Announced: December 19, 2006 Reporter: TippingPoint and the Zero Day Initiative Products: Firefox 1.5.0.4, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 SeaMonkey 1.0.7...

security flaw

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

security flaw

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...

Mozilla Firefox &lt;= 1.5.0.4 Javascript Navigator Object Code Execution PoC

No description provided by source. !-- Firefox = 1.5.0.4 Javascript navigator Object Code Execution PoC http://browserfun.blogspot.com/ The following bug mfsa2006-45 was tested on the Firefox 1.5.0.4 running on Windows 2000 SP4, Windows XP SP4, and a recently updated Gentoo Linux system. This bug...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark BOM from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting XSS attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT...

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

DEBIAN-CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via 1 invalid HTTP response headers with spaces...

DEBIAN-CVE-2006-2781

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service hang and possibly execute arbitrary code via a VCard that contains invalid base64 characters...

Mozilla Firefox 1.5.0.4 - marquee Denial of Service

Mozilla Firefox 1.5.0.4 - marquee Denial of Service Credit's go to n00b...