Filtered by vendor Mozilla
Subscriptions
Filtered by product Mozilla Suite
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1735 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | ||||
| CVE-2006-1737 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. | ||||
| CVE-2006-1739 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow. | ||||
| CVE-2006-1740 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. | ||||
| CVE-2006-1742 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | ||||
| CVE-2006-1731 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | ||||