Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-28 | CVE-2006-0914 | Improper Input Validation vulnerability in Mozilla Bugzilla Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. | 5.5 |
| 2006-02-28 | CVE-2006-0913 | SQL Injection vulnerability in Bugzilla Whinedays SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. | 5.5 |
| 2006-02-24 | CVE-2006-0884 | Improper Input Validation vulnerability in Mozilla Thunderbird The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. | 9.3 |
| 2006-02-22 | CVE-2006-0836 | Remote Denial of Service vulnerability in Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. | 2.6 |
| 2006-02-02 | CVE-2006-0299 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. | 6.4 |
| 2006-02-02 | CVE-2006-0298 | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. | 5.8 |
| 2006-02-02 | CVE-2006-0297 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. | 5.1 |
| 2006-02-02 | CVE-2006-0296 | Unspecified vulnerability in Mozilla Firefox and Seamonkey The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. | 5.0 |
| 2006-02-02 | CVE-2006-0295 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | 5.1 |
| 2006-02-02 | CVE-2006-0294 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. | 7.5 |