Lucene search

MitreCVE-2006-2780

HistoryJun 02, 2006 - 7:02 p.m.

CVE-2006-2780

2006-06-0219:02:00

CWE-94

mitre

web.nvd.nist.gov

cve-2006-2780

mozilla firefox

thunderbird

integer overflow

remote attackers

denial of service

arbitrary code execution

memory corruption

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.508

Percentile

97.5%

JSON

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via “jsstr tagify,” which leads to memory corruption.

Affected configurations

Nvd

Node

mozillafirefoxRange≤1.5.0.3

mozillathunderbirdRange≤1.5.0.3

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::

References

rhn.redhat.com/errata/RHSA-2006-0609.html

secunia.com/advisories/20376

secunia.com/advisories/20382

secunia.com/advisories/20561

secunia.com/advisories/20709

secunia.com/advisories/21134

secunia.com/advisories/21176

secunia.com/advisories/21178

secunia.com/advisories/21183

secunia.com/advisories/21188

secunia.com/advisories/21210

secunia.com/advisories/21269

secunia.com/advisories/21270

secunia.com/advisories/21324

secunia.com/advisories/21336

secunia.com/advisories/21532

secunia.com/advisories/21607

secunia.com/advisories/21631

secunia.com/advisories/22065

secunia.com/advisories/22066

secunia.com/advisories/27216

securitytracker.com/id?1016202

securitytracker.com/id?1016214

sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1

www.debian.org/security/2006/dsa-1118

www.debian.org/security/2006/dsa-1120

www.debian.org/security/2006/dsa-1134

www.gentoo.org/security/en/glsa/glsa-200606-12.xml

www.gentoo.org/security/en/glsa/glsa-200606-21.xml

www.kb.cert.org/vuls/id/466673

www.mandriva.com/security/advisories?name=MDKSA-2006:143

www.mandriva.com/security/advisories?name=MDKSA-2006:145

www.mandriva.com/security/advisories?name=MDKSA-2006:146

www.mozilla.org/security/announce/2006/mfsa2006-32.html

www.novell.com/linux/security/advisories/2006_35_mozilla.html

www.redhat.com/support/errata/RHSA-2006-0578.html

www.redhat.com/support/errata/RHSA-2006-0594.html

www.redhat.com/support/errata/RHSA-2006-0610.html

www.redhat.com/support/errata/RHSA-2006-0611.html

www.securityfocus.com/archive/1/435795/100/0/threaded

www.securityfocus.com/archive/1/446657/100/200/threaded

www.securityfocus.com/archive/1/446658/100/200/threaded

www.securityfocus.com/bid/18228

www.us-cert.gov/cas/techalerts/TA06-153A.html

www.vupen.com/english/advisories/2006/2106

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2006/3749

www.vupen.com/english/advisories/2007/3488

www.vupen.com/english/advisories/2008/0083

exchange.xforce.ibmcloud.com/vulnerabilities/26843

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11305

usn.ubuntu.com/296-1/

usn.ubuntu.com/296-2/

usn.ubuntu.com/297-1/

usn.ubuntu.com/297-3/

usn.ubuntu.com/323-1/

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.508

Percentile

97.5%

JSON

Related for CVE-2006-2780