Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox:1.5.0.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-2785 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL. Published: June 02, 2006; 3:02:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-2775 |
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. Published: June 02, 2006; 2:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2776 |
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. Published: June 02, 2006; 2:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2777 |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. Published: June 02, 2006; 2:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2778 |
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. Published: June 02, 2006; 2:02:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-2613 |
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. Published: May 25, 2006; 9:06:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-2538 |
IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. Published: May 22, 2006; 7:10:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-2332 |
Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. Published: May 11, 2006; 8:02:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |