Mozilla : Security Vulnerabilities, CVEs, Published In February 2006 (Code Execution)
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
Max CVSS
5.1
EPSS Score
93.92%
Published
2006-02-02
Updated
2018-10-19
CVE-2006-0295
Public exploit
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
Max CVSS
5.1
EPSS Score
96.97%
Published
2006-02-02
Updated
2018-10-19
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
Max CVSS
7.5
EPSS Score
89.99%
Published
2006-02-02
Updated
2018-10-19
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.
Max CVSS
7.5
EPSS Score
87.18%
Published
2006-02-02
Updated
2018-10-19
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
Max CVSS
7.5
EPSS Score
95.78%
Published
2006-02-02
Updated
2018-10-19
5 vulnerabilities found