CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.6%
A vulnerability exists in Mozilla products that may allow a remote attacker to execute arbitrary code or cause a denial of service.
Mozilla products contain a vulnerability in the CSS cursor property on Microsoft Windows that may result in a crash when handling malicious images. According to the Mozilla Foundation Security Advisory 2006-69:
A miscalculated size during conversion of the image to a Windows bitmap can result in a heap buffer overflow which could be used to compromise the victim’s computer.
Mozilla also states that this flaw affects both Firefox 2 and Firefox 1.5 but not the earlier Firefox 1.0 or Mozilla Suite products.
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.
Apply an update
According to the Mozilla Foundation Security Advisory 2006-69, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.
722244
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 18, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Gentoo Linux has published advisories GLSA 200701-02, 200701-03, and 200701-04 in response to this issue. Please refer to those advisories for additional details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23722244 Feedback>).
Updated: January 18, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Mandriva has published advisories MDKSA-2007:010, and MDKSA-2007:011 in response to this issue. Please refer to those advisories for additional details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23722244 Feedback>).
Updated: December 21, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Mozilla Foundation Security Advisory 2006-69.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23722244 Feedback>).
Updated: January 18, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to SUSE-SA:2007:006.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23722244 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue is addressed in Mozilla Foundation Security Advisory 2006-69. Mozilla credits Frederik Reiss with providing information about this issue.
This document was written by Chris Taschner.
CVE IDs: | CVE-2006-6500 |
---|---|
Severity Metric: | 12.15 Date Public: |
secunia.com/advisories/23439/
secunia.com/advisories/23514/
secunia.com/advisories/23545/
secunia.com/advisories/23591/
secunia.com/advisories/23598/
secunia.com/advisories/23601/
secunia.com/advisories/23614/
secunia.com/advisories/23618/
secunia.com/advisories/23692/
www.mozilla.org/security/announce/2006/mfsa2006-69.html
www.securityfocus.com/bid/21668
bugzilla.mozilla.org/show_bug.cgi?id=353553