Vulnerabilities > Mozilla > Firefox > 1.5.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-26 | CVE-2007-0776 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. | 9.3 |
2007-02-26 | CVE-2007-0775 | Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. | 3.7 |
2007-02-26 | CVE-2007-1095 | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. network mozilla | 6.8 |
2007-02-23 | CVE-2007-1084 | Configuration vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. | 6.8 |
2007-02-16 | CVE-2007-0981 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | 7.5 |
2006-12-20 | CVE-2006-6504 | Code Injection vulnerability in multiple products Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. | 9.3 |
2006-12-20 | CVE-2006-6503 | 7PK - Security Features vulnerability in multiple products Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | 6.8 |
2006-12-20 | CVE-2006-6502 | Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. network mozilla | 7.1 |
2006-12-20 | CVE-2006-6501 | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | 6.8 |
2006-12-20 | CVE-2006-6500 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. | 6.8 |