CVE-2006-2779

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

References

http://rhn.redhat.com/errata/RHSA-2006-0609.html

http://secunia.com/advisories/20376

http://secunia.com/advisories/20382

http://secunia.com/advisories/20561

http://secunia.com/advisories/20709

http://secunia.com/advisories/21134

http://secunia.com/advisories/21176

http://secunia.com/advisories/21178

http://secunia.com/advisories/21183

http://secunia.com/advisories/21188

http://secunia.com/advisories/21210

http://secunia.com/advisories/21269

http://secunia.com/advisories/21270

http://secunia.com/advisories/21324

http://secunia.com/advisories/21336

http://secunia.com/advisories/21532

http://secunia.com/advisories/21607

http://secunia.com/advisories/21631

http://secunia.com/advisories/21634

http://secunia.com/advisories/21654

http://secunia.com/advisories/22065

http://secunia.com/advisories/22066

http://secunia.com/advisories/27216

http://securitytracker.com/id?1016202

http://securitytracker.com/id?1016214

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1

http://www.debian.org/security/2006/dsa-1118

http://www.debian.org/security/2006/dsa-1120

http://www.debian.org/security/2006/dsa-1134

http://www.debian.org/security/2006/dsa-1159

http://www.debian.org/security/2006/dsa-1160

http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

http://www.kb.cert.org/vuls/id/466673

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-32.html

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

http://www.redhat.com/support/errata/RHSA-2006-0578.html

http://www.redhat.com/support/errata/RHSA-2006-0594.html

http://www.redhat.com/support/errata/RHSA-2006-0610.html

http://www.redhat.com/support/errata/RHSA-2006-0611.html

http://www.securityfocus.com/archive/1/435795/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/archive/1/446658/100/200/threaded

http://www.securityfocus.com/bid/18228

http://www.us-cert.gov/cas/techalerts/TA06-153A.html

http://www.vupen.com/english/advisories/2006/2106

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2007/3488

http://www.vupen.com/english/advisories/2008/0083

https://exchange.xforce.ibmcloud.com/vulnerabilities/26843

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762

https://usn.ubuntu.com/296-1/

https://usn.ubuntu.com/296-2/

https://usn.ubuntu.com/297-1/

https://usn.ubuntu.com/297-3/

https://usn.ubuntu.com/323-1/

Details

Source: MITRE

Published: 2006-06-02

Updated: 2018-10-18

Type: CWE-94

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

IDNameProductFamilySeverity
67424Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)NessusOracle Linux Local Security Checks
critical
67422Oracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)NessusOracle Linux Local Security Checks
critical
27901Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-323-1)NessusUbuntu Local Security Checks
high
27872Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-297-3)NessusUbuntu Local Security Checks
high
27870Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1)NessusUbuntu Local Security Checks
high
27869Ubuntu 5.04 / 5.10 : firefox, mozilla-firefox vulnerabilities (USN-296-2)NessusUbuntu Local Security Checks
high
27868Ubuntu 6.06 LTS : firefox vulnerabilities (USN-296-1)NessusUbuntu Local Security Checks
high
27124openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-1672)NessusSuSE Local Security Checks
high
27112openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1585)NessusSuSE Local Security Checks
high
24403Solaris 9 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
24395Solaris 8 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
23894Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146)NessusMandriva Local Security Checks
critical
23892Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)NessusMandriva Local Security Checks
critical
23773Solaris 9 (x86) : 120672-08NessusSolaris Local Security Checks
critical
23772Solaris 8 (x86) : 120672-08NessusSolaris Local Security Checks
critical
22987Solaris 10 (x86) : 119116-35 (deprecated)NessusSolaris Local Security Checks
critical
22954Solaris 10 (sparc) : 119115-36 (deprecated)NessusSolaris Local Security Checks
critical
22702Debian DSA-1160-2 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
high
22701Debian DSA-1159-2 : mozilla-thunderbird - several vulnerabilitiesNessusDebian Local Security Checks
high
22676Debian DSA-1134-1 : mozilla-thunderbird - several vulnerabilitiesNessusDebian Local Security Checks
high
22662Debian DSA-1120-1 : mozilla-firefox - several vulnerabilitiesNessusDebian Local Security Checks
high
22660Debian DSA-1118-1 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
high
22291RHEL 2.1 : seamonkey (RHSA-2006:0594)NessusRed Hat Local Security Checks
high
22163CentOS 4 : seamonkey (CESA-2006:0609)NessusCentOS Local Security Checks
high
22150RHEL 4 : seamonkey (RHSA-2006:0609)NessusRed Hat Local Security Checks
high
22138CentOS 4 : thunderbird (CESA-2006:0611)NessusCentOS Local Security Checks
high
22137CentOS 4 : Firefox (CESA-2006:0610)NessusCentOS Local Security Checks
high
22122RHEL 4 : thunderbird (RHSA-2006:0611)NessusRed Hat Local Security Checks
high
22121RHEL 4 : firefox (RHSA-2006:0610)NessusRed Hat Local Security Checks
high
3695Mozilla Firefox 1.5.x < 1.5.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3694Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
22088RHEL 3 : seamonkey (RHSA-2006:0578)NessusRed Hat Local Security Checks
high
21734GLSA-200606-21 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
21705GLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
21629SeaMonkey < 1.0.2 Multiple VulnerabilitiesNessusWindows
high
21628Mozilla Thunderbird < 1.5.0.4 Multiple VulnerabilitiesNessusWindows
high
21627Firefox < 1.5.0.4 Multiple VulnerabilitiesNessusWindows
high
3638Thunderbird < 1.5.0.4 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3637SeaMonkey < 1.0.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3636Mozilla Firefox 1.5.x < 1.5.0.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
801227Mozilla Thunderbird < 1.5.0.5 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
800779Firefox < 1.5.0.4 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high