Lucene search

RedhatCVE-2006-4565

HistorySep 15, 2006 - 6:07 p.m.

CVE-2006-4565

2006-09-1518:07:00

CWE-119

redhat

web.nvd.nist.gov

cve-2006-4565

mozilla firefox

buffer overflow

denial of service

remote attackers

arbitrary code

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.28

Percentile

96.9%

JSON

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a “minimal quantifier.”

Affected configurations

Nvd

Node

mozillafirefoxRange≤1.5.0.6

mozillaseamonkeyRange≤1.0.4

mozillathunderbirdRange≤1.5.0.6

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

secunia.com/advisories/21906

secunia.com/advisories/21915

secunia.com/advisories/21916

secunia.com/advisories/21939

secunia.com/advisories/21940

secunia.com/advisories/21949

secunia.com/advisories/21950

secunia.com/advisories/22001

secunia.com/advisories/22025

secunia.com/advisories/22036

secunia.com/advisories/22055

secunia.com/advisories/22056

secunia.com/advisories/22066

secunia.com/advisories/22074

secunia.com/advisories/22088

secunia.com/advisories/22195

secunia.com/advisories/22210

secunia.com/advisories/22247

secunia.com/advisories/22274

secunia.com/advisories/22299

secunia.com/advisories/22342

secunia.com/advisories/22391

secunia.com/advisories/22422

secunia.com/advisories/22849

secunia.com/advisories/24711

security.gentoo.org/glsa/glsa-200609-19.xml

security.gentoo.org/glsa/glsa-200610-01.xml

security.gentoo.org/glsa/glsa-200610-04.xml

securitytracker.com/id?1016846

securitytracker.com/id?1016847

securitytracker.com/id?1016848

support.avaya.com/elmodocs2/security/ASA-2006-224.htm

www.debian.org/security/2006/dsa-1192

www.debian.org/security/2006/dsa-1210

www.mandriva.com/security/advisories?name=MDKSA-2006:168

www.mandriva.com/security/advisories?name=MDKSA-2006:169

www.mozilla.org/security/announce/2006/mfsa2006-57.html

www.novell.com/linux/security/advisories/2006_54_mozilla.html

www.redhat.com/support/errata/RHSA-2006-0675.html

www.redhat.com/support/errata/RHSA-2006-0676.html

www.redhat.com/support/errata/RHSA-2006-0677.html

www.securityfocus.com/archive/1/446140/100/0/threaded

www.securityfocus.com/bid/20042

www.ubuntu.com/usn/usn-350-1

www.ubuntu.com/usn/usn-351-1

www.ubuntu.com/usn/usn-352-1

www.ubuntu.com/usn/usn-354-1

www.ubuntu.com/usn/usn-361-1

www.us.debian.org/security/2006/dsa-1191

www.vupen.com/english/advisories/2006/3617

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2007/1198

www.vupen.com/english/advisories/2008/0083

www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

exchange.xforce.ibmcloud.com/vulnerabilities/28955

issues.rpath.com/browse/RPL-640

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.28

Percentile

96.9%

JSON

Related for CVE-2006-4565