CVE-2006-0294

critical

Description

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1514

https://exchange.xforce.ibmcloud.com/vulnerabilities/24431

https://bugzilla.mozilla.org/show_bug.cgi?id=317934

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2006/0413

http://www.securityfocus.com/bid/16476

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.mozilla.org/security/announce/2006/mfsa2006-02.html

http://securitytracker.com/id?1015570

http://secunia.com/advisories/22065

http://secunia.com/advisories/18704

http://secunia.com/advisories/18700

Details

Source: Mitre, NVD

Published: 2006-02-02

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.07642