27 matches found
CVE-2006-1733
CVE-2006-1733 affects Mozilla Firefox and Thunderbird 1.x before 1.5, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0. The flaw is in the compilation scope handling of privileged built‑in XBL bindings, enabling a remote attacker to run arbitrary code via (1) valueOf.call or (2) valueOf.appl...
CVE-2006-1735
CVE-2006-1735 affects Mozilla Firefox and Thunderbird 1.x prior to 1.5 and 1.0.x prior to 1.0.8, Mozilla Suite prior to 1.7.13, and SeaMonkey prior to 1.0. The vulnerability arises from using an eval in an XBL method binding (XBL.method.eval) to create JavaScript functions that are compiled with ...
CVE-2006-1737
CVE-2006-1737 is described as an integer overflow in JavaScript when processing a very large regular expression, affecting Mozilla Firefox/Thunderbird (and related Mozilla-suite components) prior to specified updates. Connected advisories corroborate a memory-corruption/robustness issue in JavaScr...
CVE-2006-1741
CVE-2006-1741 affects Mozilla Firefox (1.x up to 1.5, and 1.0.x up to 1.0.8), Mozilla Suite up to 1.7.13, and SeaMonkey up to 1.0, enabling remote attackers to inject arbitrary JavaScript into other sites. The root causes involve (1) using a modal alert to suspend an event handler during page loa...
CVE-2006-1742
CVE-2006-1742 affects Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0. The issue stems from improper handling of temporary variables that are not garbage collected, which could allow remote attackers to access freed memo...
CVE-2006-1730
CVE-2006-1730 is a heap-based buffer overflow vulnerability caused by an integer overflow in the CSS letter-spacing handling, allowing remote code execution. Affected products and versions include Mozilla Firefox and Thunderbird 1.x before 1.5.0.2, and 1.0.x before 1.0.8; Mozilla Suite before 1.7...
CVE-2006-1739
CVE-2006-1739 is a memory-corruption flaw in the CSS border rendering path used by Mozilla Firefox/Thunderbird/SeaMonkey. The issue could crash the browser or potentially allow arbitrary code execution via crafted CSS (out-of-bounds writes/buffer overflow). Affected products include Firefox/Thund...
CVE-2005-2701
CVE-2005-2701 is a heap-based buffer overflow in the XBM image handling of Mozilla Firefox (pre-1.0.7) and Mozilla Suite (pre-1.7.12). Exploitation path involves a specially crafted XBM image that ends with many spaces instead of the proper end tag, enabling remote code execution under the user’s...
CVE-2005-2703
CVE-2005-2703 affects Firefox up to 1.0.7 and Mozilla Suite up to 1.7.12. The issue lets a remote attacker modify HTTP headers of XML HTTP requests made via XMLHttpRequest, potentially enabling attacks such as HTTP request smuggling or splitting. This is triggered by how XMLHttpRequests are handl...
CVE-2006-1728
CVE-2006-1728 affects multiple Mozilla-based products (Firefox and Thunderbird 1.x < 1.5.0.2; Mozilla Suite < 1.7.13; SeaMonkey
CVE-2005-2706
The CVE-2005-2706 issue affects Firefox up to 1.0.6/1.0.x and Mozilla Suite up to 1.7.11, where an about: page (e.g., about:mozilla) could run JavaScript with chrome privileges due to a chrome privileges enforcement flaw. This could enable a remote attacker to inject or execute code with the brow...
CVE-2006-1727
CVE-2006-1727 affects Mozilla-derived browsers: Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1. The issue allows remote attackers to gain chrome privileges through multiple attack vectors related to the use of XBL...
CVE-2005-2702
CVE-2005-2702 affects Mozilla/Firefox: vulnerable when processing Unicode sequences, specifically zero-width non-joiner characters. Firefox prior to 1.0.7 and Mozilla Suite prior to 1.7.12 are at risk. Reported impact: remote attacker could cause a crash and, in some scenarios, may execute arbitr...
CVE-2006-1731
CVE-2006-1731 affects Mozilla Firefox/Thunderbird 1.x and related Mozilla suites; the flaw lets a remote attacker trigger XSS by valueOf.call/valueOf.apply with no args, returning the Object prototype instead of the global window. Impact is cross-site scripting; vendors released fixes in Firefox/...
CVE-2005-2705
CVE-2005-2705 is a real vulnerability affecting the JavaScript engine in Firefox prior to 1.0.7 and Mozilla Suite prior to 1.7.12. The root cause is an integer overflow in the JavaScript engine that could allow a remote attacker to execute arbitrary code. The impact is remote code execution with ...
CVE-2005-2707
CVE-2005-2707 affects Mozilla Firefox (before 1.0.7) and Mozilla Suite (before 1.7.12). The issue allows remote attackers to spawn windows without typical UI components (address/status bars), enabling spoofing/phishing. The NVD entry assigns a base score of 5.0 (MEDIUM) with network attack vector...
CVE-2006-1734
CVE-2006-1734 affects Mozilla Firefox/Thunderbird 1.x prior to 1.5 and 1.0.x prior to 1.0.8, Mozilla Suite prior to 1.7.13, and SeaMonkey prior to 1.0. The vulnerability arises from the Object.watch method being able to access the internal cloneParent function, enabling remote attackers to execut...
CVE-2006-1738
CVE-2006-1738 affects Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0. The vulnerability allows a remote attacker to cause a crash (DoS) by altering the (1) -moz-grid and (2) -moz-grid-group display styles. Root cause is...
CVE-2006-2894
The CVE-2006-2894 issue affects Mozilla Firefox up to 1.5.0.4 and Firefox 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, SeaMonkey before 1.1.5, Netscape 8.1 and earlier. A user-assisted trick using OnKeyDown/OnKeyPress/OnKeyUp events can cause characters of a target filename to be inserted into a f...
CVE-2005-4134
CVE-2005-4134 affects Mozilla Firefox 1.5, Netscape 8.x (8.0.4 and 7.2) and K-Meleon prior to 0.9.12. A remote attacker can cause a denial of service (high CPU usage and delayed startup) by presenting a website with a large title, which is stored in history.dat but not efficiently processed durin...
CVE-2006-1736
Technical details (affected product/version/root cause/impact) are not publicly provided in the connected documents. Monitor for updates.
CVE-2006-0749
CVE-2006-0749 affects Mozilla Firefox and Thunderbird (Firefox/Thunderbird 1.x before 1.5 and Mozilla Suite before 1.7.13; SeaMonkey before 1.0.8). A particular sequence of HTML tags triggers memory corruption, leading to a remote crash and possibly arbitrar...
CVE-2005-2704
CVE-2005-2704 affects Firefox up to 1.0.6 and Mozilla Suite up to 1.7.11/12, where an XBL control implementing an internal XPCOM interface can enable remote spoofing of DOM objects. The vulnerability enables attacker-controlled DOM objects to impersonate or misrepresent elements, aiding phishin...
CVE-2006-1724
CVE-2006-1724 affects Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1. It is an unspecified vulnerability related to DHTML that can cause a denial of service (crash) and possibly remote code execution. The initial document does n...
CVE-2006-1729
CVE-2006-1729 affects Mozilla Firefox 1.x (before 1.5.0.2) and 1.0.x (before 1.0.8), Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1. The vulnerability lets remote attackers read arbitrary files by abusing input controls: (1) insert the target filename into a text box and convert that box...
CVE-2006-1740
CVE-2006-1740 affects Mozilla-derived browsers, allowing remote attackers to spoof secure site indicators (e.g., the lock icon) by abusing a popup window that loads the trusted site and then navigates to a malicious site. Affected products include Firefox 1.x prior to 1.5 and 1.0.x prior to 1.0.8...
CVE-2006-2613
CVE-2006-2613 affects Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, as well as Netscape 7.2 and 8.1. A remote user‑assisted attacker can cause exceptions to be thrown and inspect message contents to obtain information such as the installation path. The ef...