CVE-2006-6498

MEDIUM

Description

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

References

ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc

http://fedoranews.org/cms/node/2297

http://fedoranews.org/cms/node/2338

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://rhn.redhat.com/errata/RHSA-2006-0758.html

http://rhn.redhat.com/errata/RHSA-2006-0759.html

http://rhn.redhat.com/errata/RHSA-2006-0760.html

http://secunia.com/advisories/23282

http://secunia.com/advisories/23420

http://secunia.com/advisories/23422

http://secunia.com/advisories/23433

http://secunia.com/advisories/23439

http://secunia.com/advisories/23440

http://secunia.com/advisories/23468

http://secunia.com/advisories/23514

http://secunia.com/advisories/23545

http://secunia.com/advisories/23589

http://secunia.com/advisories/23591

http://secunia.com/advisories/23601

http://secunia.com/advisories/23614

http://secunia.com/advisories/23618

http://secunia.com/advisories/23672

http://secunia.com/advisories/23692

http://secunia.com/advisories/23988

http://secunia.com/advisories/24078

http://secunia.com/advisories/24390

http://secunia.com/advisories/25556

http://security.gentoo.org/glsa/glsa-200701-02.xml

http://securitytracker.com/id?1017398

http://securitytracker.com/id?1017405

http://securitytracker.com/id?1017406

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1

http://www.debian.org/security/2007/dsa-1253

http://www.debian.org/security/2007/dsa-1258

http://www.debian.org/security/2007/dsa-1265

http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml

http://www.kb.cert.org/vuls/id/427972

http://www.kb.cert.org/vuls/id/447772

http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

http://www.novell.com/linux/security/advisories/2006_80_mozilla.html

http://www.novell.com/linux/security/advisories/2007_06_mozilla.html

http://www.securityfocus.com/archive/1/455145/100/0/threaded

http://www.securityfocus.com/archive/1/455728/100/200/threaded

http://www.securityfocus.com/bid/21668

http://www.ubuntu.com/usn/usn-398-1

http://www.ubuntu.com/usn/usn-398-2

http://www.ubuntu.com/usn/usn-400-1

http://www.us-cert.gov/cas/techalerts/TA06-354A.html

http://www.vupen.com/english/advisories/2006/5068

http://www.vupen.com/english/advisories/2007/2106

http://www.vupen.com/english/advisories/2008/0083

https://issues.rpath.com/browse/RPL-883

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661

Details

Source: MITRE

Published: 2006-12-20

Updated: 2018-10-17

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
67432Oracle Linux 4 : thunderbird (ELSA-2006-0760)NessusOracle Linux Local Security Checks
high
67431Oracle Linux 4 : seamonkey (ELSA-2006-0759)NessusOracle Linux Local Security Checks
high
67430Oracle Linux 4 : firefox (ELSA-2006-0758)NessusOracle Linux Local Security Checks
high
29358SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 2423)NessusSuSE Local Security Checks
high
27988Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-400-1)NessusUbuntu Local Security Checks
high
27986Ubuntu 5.10 / 6.06 LTS : firefox regression (USN-398-4)NessusUbuntu Local Security Checks
high
27985Ubuntu 5.10 / 6.06 LTS : firefox vulnerabilities (USN-398-2)NessusUbuntu Local Security Checks
high
27984Ubuntu 6.10 : firefox vulnerabilities (USN-398-1)NessusUbuntu Local Security Checks
high
27438openSUSE 10 Security Update : seamonkey (seamonkey-2432)NessusSuSE Local Security Checks
high
27128openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2421)NessusSuSE Local Security Checks
high
27117openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2418)NessusSuSE Local Security Checks
high
24794Debian DSA-1265-1 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
high
24403Solaris 9 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
24395Solaris 8 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
24297Debian DSA-1258-1 : mozilla-thunderbird - several vulnerabilitiesNessusDebian Local Security Checks
high
24292Debian DSA-1253-1 : mozilla-firefox - several vulnerabilitiesNessusDebian Local Security Checks
high
24079Fedora Core 6 : thunderbird-1.5.0.9-2.fc6 (2006-1491)NessusFedora Local Security Checks
high
24008GLSA-200701-04 : SeaMonkey: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
23991GLSA-200701-02 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
23962RHEL 4 : thunderbird (RHSA-2006:0760)NessusRed Hat Local Security Checks
high
23961RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2006:0759)NessusRed Hat Local Security Checks
high
23960RHEL 4 : firefox (RHSA-2006:0758)NessusRed Hat Local Security Checks
high
23944CentOS 4 : Thunderbird (CESA-2006:0760)NessusCentOS Local Security Checks
high
23943CentOS 3 / 4 : seamonkey (CESA-2006:0759)NessusCentOS Local Security Checks
high
23942CentOS 4 : Firefox (CESA-2006:0758)NessusCentOS Local Security Checks
high
3868Mozilla Firefox 1.5.x < 1.5.0.9 / 2.x < 2.0.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3867Mozilla Thunderbird < 1.5.0.9 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3866SeaMonkey < 1.0.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
23930Firefox < 1.5.0.9 / 2.0.0.1 Multiple VulnerabilitiesNessusWindows
high
23929Mozilla Thunderbird < 1.5.0.9 Multiple VulnerabilitiesNessusWindows
high
23928SeaMonkey < 1.0.7 Multiple VulnerabilitiesNessusWindows
high
23773Solaris 9 (x86) : 120672-08NessusSolaris Local Security Checks
critical
23772Solaris 8 (x86) : 120672-08NessusSolaris Local Security Checks
critical
22987Solaris 10 (x86) : 119116-35 (deprecated)NessusSolaris Local Security Checks
critical
22954Solaris 10 (sparc) : 119115-36 (deprecated)NessusSolaris Local Security Checks
critical
801262Mozilla Thunderbird < 1.5.0.9 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high