CVE-2006-0748

HIGH

Description

Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

http://secunia.com/advisories/19759

http://secunia.com/advisories/19794

http://secunia.com/advisories/19811

http://secunia.com/advisories/19821

http://secunia.com/advisories/19823

http://secunia.com/advisories/19852

http://secunia.com/advisories/19862

http://secunia.com/advisories/19863

http://secunia.com/advisories/19902

http://secunia.com/advisories/19941

http://secunia.com/advisories/19950

http://secunia.com/advisories/20051

http://secunia.com/advisories/21033

http://secunia.com/advisories/21622

http://secunia.com/advisories/22065

http://secunia.com/advisories/22066

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

http://www.debian.org/security/2006/dsa-1044

http://www.debian.org/security/2006/dsa-1046

http://www.debian.org/security/2006/dsa-1051

http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-27.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/support/errata/RHSA-2006-0329.html

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.securityfocus.com/archive/1/432103/100/0/threaded

http://www.securityfocus.com/archive/1/436296/100/0/threaded

http://www.securityfocus.com/archive/1/436338/100/0/threaded

http://www.securityfocus.com/archive/1/438730/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/archive/1/446658/100/200/threaded

http://www.securityfocus.com/bid/17516

http://www.vupen.com/english/advisories/2006/1356

http://www.vupen.com/english/advisories/2006/3391

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2008/0083

http://www.zerodayinitiative.com/advisories/ZDI-06-011/

https://exchange.xforce.ibmcloud.com/vulnerabilities/25985

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189

https://usn.ubuntu.com/275-1/

https://usn.ubuntu.com/276-1/

Details

Source: MITRE

Published: 2006-04-14

Updated: 2018-10-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH