Vulnerabilities > Mozilla > Firefox > 1.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-02 | CVE-2006-0298 | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. | 5.8 |
2006-02-02 | CVE-2006-0297 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. | 5.1 |
2006-02-02 | CVE-2006-0296 | Unspecified vulnerability in Mozilla Firefox and Seamonkey The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. | 5.0 |
2006-02-02 | CVE-2006-0295 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | 5.1 |
2006-02-02 | CVE-2006-0294 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. | 7.5 |
2006-02-02 | CVE-2006-0293 | Unspecified vulnerability in Mozilla Firefox 1.5 The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. | 7.5 |
2006-02-02 | CVE-2006-0292 | Unspecified vulnerability in Mozilla Firefox and Mozilla The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | 7.5 |
2005-12-31 | CVE-2005-4685 | Unspecified vulnerability in Mozilla Firefox and Mozilla Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | 6.4 |
2005-12-09 | CVE-2005-4134 | Buffer Overflow vulnerability in Mozilla Firefox Large History File Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. | 5.0 |
2005-09-09 | CVE-2005-2871 | Remote Buffer Overflow vulnerability in Mozilla/Netscape/Firefox Browsers Domain Name Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec. | 7.5 |