CVE-2006-2781

MEDIUM

Description

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

References

http://rhn.redhat.com/errata/RHSA-2006-0609.html

http://secunia.com/advisories/20382

http://secunia.com/advisories/20394

http://secunia.com/advisories/20709

http://secunia.com/advisories/21134

http://secunia.com/advisories/21178

http://secunia.com/advisories/21183

http://secunia.com/advisories/21210

http://secunia.com/advisories/21269

http://secunia.com/advisories/21324

http://secunia.com/advisories/21336

http://secunia.com/advisories/21607

http://secunia.com/advisories/21631

http://secunia.com/advisories/22065

http://securitytracker.com/id?1016214

http://www.debian.org/security/2006/dsa-1118

http://www.debian.org/security/2006/dsa-1134

http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-40.html

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

http://www.redhat.com/support/errata/RHSA-2006-0578.html

http://www.redhat.com/support/errata/RHSA-2006-0594.html

http://www.redhat.com/support/errata/RHSA-2006-0611.html

http://www.securityfocus.com/archive/1/435795/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/18228

http://www.vupen.com/english/advisories/2006/2106

http://www.vupen.com/english/advisories/2006/3749

https://exchange.xforce.ibmcloud.com/vulnerabilities/26850

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10247

https://usn.ubuntu.com/297-1/

https://usn.ubuntu.com/297-3/

https://usn.ubuntu.com/323-1/

Details

Source: MITRE

Published: 2006-06-02

Updated: 2018-10-18

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.0.1 (inclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 1.5.0.3 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67424 | Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611) | Nessus | Oracle Linux Local Security Checks | critical |
| 27901 | Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-323-1) | Nessus | Ubuntu Local Security Checks | high |
| 27872 | Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-297-3) | Nessus | Ubuntu Local Security Checks | high |
| 27870 | Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1) | Nessus | Ubuntu Local Security Checks | high |
| 27434 | openSUSE 10 Security Update : seamonkey (seamonkey-1671) | Nessus | SuSE Local Security Checks | medium |
| 27124 | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-1672) | Nessus | SuSE Local Security Checks | high |
| 23894 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146) | Nessus | Mandriva Local Security Checks | critical |
| 22676 | Debian DSA-1134-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22660 | Debian DSA-1118-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22291 | RHEL 2.1 : seamonkey (RHSA-2006:0594) | Nessus | Red Hat Local Security Checks | high |
| 22163 | CentOS 4 : seamonkey (CESA-2006:0609) | Nessus | CentOS Local Security Checks | high |
| 22150 | RHEL 4 : seamonkey (RHSA-2006:0609) | Nessus | Red Hat Local Security Checks | high |
| 22138 | CentOS 4 : thunderbird (CESA-2006:0611) | Nessus | CentOS Local Security Checks | high |
| 22122 | RHEL 4 : thunderbird (RHSA-2006:0611) | Nessus | Red Hat Local Security Checks | high |
| 3695 | Mozilla Firefox 1.5.x < 1.5.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3694 | Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 22088 | RHEL 3 : seamonkey (RHSA-2006:0578) | Nessus | Red Hat Local Security Checks | high |
| 21734 | GLSA-200606-21 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 21629 | SeaMonkey < 1.0.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 21628 | Mozilla Thunderbird < 1.5.0.4 Multiple Vulnerabilities | Nessus | Windows | high |
| 3638 | Thunderbird < 1.5.0.4 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 3637 | SeaMonkey < 1.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3636 | Mozilla Firefox 1.5.x < 1.5.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 801227 | Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 800779 | Firefox < 1.5.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |