CVE-2006-4565

high

Description

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

http://secunia.com/advisories/21906

http://secunia.com/advisories/21915

http://secunia.com/advisories/21916

http://secunia.com/advisories/21939

http://secunia.com/advisories/21940

http://secunia.com/advisories/21949

http://secunia.com/advisories/21950

http://secunia.com/advisories/22001

http://secunia.com/advisories/22025

http://secunia.com/advisories/22036

http://secunia.com/advisories/22055

http://secunia.com/advisories/22056

http://secunia.com/advisories/22066

http://secunia.com/advisories/22074

http://secunia.com/advisories/22088

http://secunia.com/advisories/22195

http://secunia.com/advisories/22210

http://secunia.com/advisories/22247

http://secunia.com/advisories/22274

http://secunia.com/advisories/22299

http://secunia.com/advisories/22342

http://secunia.com/advisories/22391

http://secunia.com/advisories/22422

http://secunia.com/advisories/22849

http://secunia.com/advisories/24711

http://security.gentoo.org/glsa/glsa-200609-19.xml

http://security.gentoo.org/glsa/glsa-200610-01.xml

http://security.gentoo.org/glsa/glsa-200610-04.xml

http://securitytracker.com/id?1016846

http://securitytracker.com/id?1016847

http://securitytracker.com/id?1016848

http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

http://www.debian.org/security/2006/dsa-1192

http://www.debian.org/security/2006/dsa-1210

http://www.mandriva.com/security/advisories?name=MDKSA-2006:168

http://www.mandriva.com/security/advisories?name=MDKSA-2006:169

http://www.mozilla.org/security/announce/2006/mfsa2006-57.html

http://www.novell.com/linux/security/advisories/2006_54_mozilla.html

http://www.redhat.com/support/errata/RHSA-2006-0675.html

http://www.redhat.com/support/errata/RHSA-2006-0676.html

http://www.redhat.com/support/errata/RHSA-2006-0677.html

http://www.securityfocus.com/archive/1/446140/100/0/threaded

http://www.securityfocus.com/bid/20042

http://www.ubuntu.com/usn/usn-350-1

http://www.ubuntu.com/usn/usn-351-1

http://www.ubuntu.com/usn/usn-352-1

http://www.ubuntu.com/usn/usn-354-1

http://www.ubuntu.com/usn/usn-361-1

http://www.us.debian.org/security/2006/dsa-1191

http://www.vupen.com/english/advisories/2006/3617

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2007/1198

http://www.vupen.com/english/advisories/2008/0083

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

https://exchange.xforce.ibmcloud.com/vulnerabilities/28955

https://issues.rpath.com/browse/RPL-640

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421

Details

Source: MITRE

Published: 2006-09-15

Updated: 2018-10-17

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 1.5.0.6 (inclusive)

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.0.4 (inclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 1.5.0.6 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 67424 | Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611) | Nessus | Oracle Linux Local Security Checks | critical |
| 67423 | Oracle Linux 4 : seamonkey (ELSA-2006-0734 / ELSA-2006-0676) | Nessus | Oracle Linux Local Security Checks | critical |
| 67422 | Oracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610) | Nessus | Oracle Linux Local Security Checks | critical |
| 29355 | SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088) | Nessus | SuSE Local Security Checks | critical |
| 27941 | Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1) | Nessus | Ubuntu Local Security Checks | critical |
| 27932 | Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-352-1) | Nessus | Ubuntu Local Security Checks | critical |
| 27931 | Ubuntu 6.06 LTS : firefox vulnerabilities (USN-351-1) | Nessus | Ubuntu Local Security Checks | critical |
| 27930 | Ubuntu 5.10 : mozilla-thunderbird vulnerabilities (USN-350-1) | Nessus | Ubuntu Local Security Checks | critical |
| 27436 | openSUSE 10 Security Update : seamonkey (seamonkey-2098) | Nessus | SuSE Local Security Checks | critical |
| 27126 | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2100) | Nessus | SuSE Local Security Checks | critical |
| 27114 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2090) | Nessus | SuSE Local Security Checks | critical |
| 24555 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:169) | Nessus | Mandriva Local Security Checks | critical |
| 24554 | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:168) | Nessus | Mandriva Local Security Checks | critical |
| 23659 | Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22890 | GLSA-200610-04 : SeaMonkey: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 22733 | Debian DSA-1192-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22732 | Debian DSA-1191-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 22505 | GLSA-200610-01 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 22470 | GLSA-200609-19 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 22426 | CentOS 4 : thunderbird (CESA-2006:0677) | Nessus | CentOS Local Security Checks | critical |
| 22425 | CentOS 3 / 4 : seamonkey (CESA-2006:0676) | Nessus | CentOS Local Security Checks | critical |
| 22424 | CentOS 4 : firefox (CESA-2006:0675) | Nessus | CentOS Local Security Checks | critical |
| 3745 | Mozilla Thunderbird < 1.5.0.7 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 3744 | SeaMonkey < 1.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3743 | Mozilla Firefox 1.5.x < 1.5.0.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 22371 | SeaMonkey < 1.0.5 Multiple Vulnerabilities | Nessus | Windows | high |
| 22370 | Mozilla Thunderbird < 1.5.0.7 Multiple Vulnerabilities | Nessus | Windows | high |
| 22369 | Firefox < 1.5.0.7 Multiple Vulnerabilities | Nessus | Windows | high |
| 22359 | RHEL 4 : thunderbird (RHSA-2006:0677) | Nessus | Red Hat Local Security Checks | critical |
| 22358 | RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2006:0676) | Nessus | Red Hat Local Security Checks | critical |
| 22357 | RHEL 4 : firefox (RHSA-2006:0675) | Nessus | Red Hat Local Security Checks | critical |
| 22350 | FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | critical |
| 801305 | Mozilla Thunderbird < 1.5.0.7 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 800868 | SeaMonkey < 1.0.5 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 800764 | Firefox < 1.5.0.7 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |