Lucene search

K

RedhatCVE-2006-6504

HistoryDec 20, 2006 - 1:28 a.m.

CVE-2006-6504

2006-12-2001:28:00

CWE-94

redhat

web.nvd.nist.gov

48

cve-2006-6504

mozilla firefox

seamonkey

svg

remote code execution

memory corruption

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.921

Percentile

99.0%

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

Affected configurations

Nvd

Node

mozillafirefoxRange1.5–1.5.0.9

OR

mozillafirefoxRange2.0–2.0.0.1

OR

mozillaseamonkeyRange<1.0.7

Node

canonicalubuntu_linuxMatch5.10

OR

canonicalubuntu_linuxMatch6.06lts

OR

canonicalubuntu_linuxMatch6.10

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
canonicalubuntu_linux5.10cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux6.10cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

References

ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc

fedoranews.org/cms/node/2297

fedoranews.org/cms/node/2338

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

rhn.redhat.com/errata/RHSA-2006-0758.html

rhn.redhat.com/errata/RHSA-2006-0759.html

rhn.redhat.com/errata/RHSA-2006-0760.html

secunia.com/advisories/23282

secunia.com/advisories/23422

secunia.com/advisories/23433

secunia.com/advisories/23439

secunia.com/advisories/23440

secunia.com/advisories/23468

secunia.com/advisories/23514

secunia.com/advisories/23545

secunia.com/advisories/23589

secunia.com/advisories/23601

secunia.com/advisories/23614

secunia.com/advisories/23618

secunia.com/advisories/23672

secunia.com/advisories/23692

security.gentoo.org/glsa/glsa-200701-02.xml

securitytracker.com/id?1017417

securitytracker.com/id?1017418

www.gentoo.org/security/en/glsa/glsa-200701-04.xml

www.kb.cert.org/vuls/id/928956

www.mandriva.com/security/advisories?name=MDKSA-2007:010

www.mozilla.org/security/announce/2006/mfsa2006-73.html

www.novell.com/linux/security/advisories/2006_80_mozilla.html

www.novell.com/linux/security/advisories/2007_06_mozilla.html

www.securityfocus.com/archive/1/454939/100/0/threaded

www.securityfocus.com/archive/1/455145/100/0/threaded

www.securityfocus.com/archive/1/455728/100/200/threaded

www.securityfocus.com/bid/21668

www.ubuntu.com/usn/usn-398-1

www.ubuntu.com/usn/usn-398-2

www.us-cert.gov/cas/techalerts/TA06-354A.html

www.vupen.com/english/advisories/2006/5068

www.vupen.com/english/advisories/2008/0083

www.zerodayinitiative.com/advisories/ZDI-06-051.html

issues.rpath.com/browse/RPL-883

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.921

Percentile

99.0%

Related for CVE-2006-6504

veracode1 zdi1 securityvulns2 debiancve1 cert1 cvelist1 mozilla1 checkpoint_advisories1 ubuntucve1 nvd1 openvas15 nessus27 fedora3 oraclelinux3 centos4 redhat3 ubuntu3 gentoo2 suse2