Vulnerability Name:

CVE-2006-0292 (CCN-24430)

Assigned:2006-02-01
Published:2006-02-01
Updated:2018-10-19
Summary:The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SCO
Type: UNKNOWN
SCOSA-2006.26

Source: SGI
Type: UNKNOWN
20060201-01-U

Source: MITRE
Type: CNA
CVE-2006-0292

Source: CCN
Type: RHSA-2006-0199
mozilla security update

Source: CCN
Type: RHSA-2006-0200
firefox security update

Source: CCN
Type: RHSA-2006-0330
thunderbird security update

Source: CCN
Type: SA18700
Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
18700

Source: CCN
Type: SA18703
Mozilla Suite Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
18703

Source: CCN
Type: SA18704
Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
18704

Source: SECUNIA
Type: UNKNOWN
18705

Source: SECUNIA
Type: UNKNOWN
18706

Source: SECUNIA
Type: UNKNOWN
18708

Source: SECUNIA
Type: UNKNOWN
18709

Source: SECUNIA
Type: UNKNOWN
19230

Source: SECUNIA
Type: UNKNOWN
19746

Source: SECUNIA
Type: UNKNOWN
19759

Source: SECUNIA
Type: UNKNOWN
19780

Source: SECUNIA
Type: UNKNOWN
19821

Source: SECUNIA
Type: UNKNOWN
19823

Source: SECUNIA
Type: UNKNOWN
19852

Source: SECUNIA
Type: UNKNOWN
19862

Source: SECUNIA
Type: UNKNOWN
19863

Source: SECUNIA
Type: UNKNOWN
19902

Source: SECUNIA
Type: UNKNOWN
19941

Source: SECUNIA
Type: UNKNOWN
19950

Source: SECUNIA
Type: UNKNOWN
20051

Source: SECUNIA
Type: UNKNOWN
21033

Source: SECUNIA
Type: UNKNOWN
21622

Source: SECUNIA
Type: UNKNOWN
22065

Source: CCN
Type: SECTRACK ID: 1015570
Mozilla Firefox Multiple Vulnerabilities May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015570

Source: CCN
Type: Sun Alert ID: 102550
Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux

Source: SUNALERT
Type: UNKNOWN
102550

Source: SUNALERT
Type: UNKNOWN
228526

Source: CCN
Type: ASA-2006-045
Mozilla and Firefox security updates (RHSA-2006-0199 RHSA-2006-0200)

Source: CCN
Type: ASA-2006-085
Mozilla Firefox and Thunderbird security update (RHSA-2006-0328 RHSA-2006-0329 RHSA-2006-330)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Source: CCN
Type: ASA-2007-135
HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)

Source: DEBIAN
Type: UNKNOWN
DSA-1044

Source: DEBIAN
Type: UNKNOWN
DSA-1046

Source: DEBIAN
Type: UNKNOWN
DSA-1051

Source: DEBIAN
Type: DSA-1044
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1046
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1051
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200604-12
Mozilla Firefox: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200604-12

Source: CCN
Type: GLSA-200604-18
Mozilla Suite: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200604-18

Source: CCN
Type: GLSA-200605-09
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200605-09

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:036

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:037

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:078

Source: CCN
Type: Mozilla Web site
Mozilla Products

Source: CONFIRM
Type: UNKNOWN
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html

Source: CCN
Type: MFSA 2006-01
JavaScript garbage-collection hazards

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:022

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-075

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-076

Source: REDHAT
Type: Vendor Advisory
RHSA-2006:0199

Source: REDHAT
Type: Vendor Advisory
RHSA-2006:0200

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0330

Source: FEDORA
Type: UNKNOWN
FLSA:180036-1

Source: FEDORA
Type: UNKNOWN
FLSA-2006:180036-2

Source: HP
Type: UNKNOWN
HPSBUX02122

Source: HP
Type: UNKNOWN
SSRT061236

Source: BID
Type: UNKNOWN
16476

Source: CCN
Type: BID-16476
Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities

Source: CCN
Type: USN-271-1
Firefox vulnerabilities

Source: CCN
Type: USN-275-1
Mozilla vulnerabilities

Source: CCN
Type: USN-276-1
Thunderbird vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-0413

Source: VUPEN
Type: UNKNOWN
ADV-2006-3391

Source: VUPEN
Type: UNKNOWN
ADV-2006-3749

Source: CCN
Type: mozilla.org Bugzilla Bug 316885
CVE-2006-0292 Unrooted access in jsinterp.c

Source: CONFIRM
Type: Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=316885

Source: CCN
Type: mozilla.org Bugzilla Bug 322045
CVE-2006-0293 GC hazard during function allocation.

Source: XF
Type: UNKNOWN
mozilla-javascript-memory-corruption(24430)

Source: XF
Type: UNKNOWN
mozilla-javascript-memory-corruption(24430)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10016

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:670

Source: UBUNTU
Type: UNKNOWN
USN-271-1

Source: UBUNTU
Type: UNKNOWN
USN-275-1

Source: UBUNTU
Type: UNKNOWN
USN-276-1

Source: SUSE
Type: SUSE-SA:2006:022
MozillaThunderbird various problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:0.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20060292
    V
    		CVE-2006-0292
    2015-11-16
    oval:org.mitre.oval:def:10016
    V
    		The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
    2013-04-29
    oval:org.mitre.oval:def:670
    V
    		Mozilla JavaScript Garbage-Collection Hazards in jsinterp.c
    2009-11-09
    oval:com.redhat.rhsa:def:20060199
    P
    		RHSA-2006:0199: mozilla security update (Critical)
    2008-03-20
    oval:org.debian:def:1051
    V
    		several vulnerabilities
    2006-05-04
    oval:org.debian:def:1046
    V
    		several vulnerabilities
    2006-04-27
    oval:org.debian:def:1044
    V
    		several vulnerabilities
    2006-04-26
    oval:com.redhat.rhsa:def:20060330
    P
    		RHSA-2006:0330: thunderbird security update (Critical)
    2006-04-25
    oval:com.redhat.rhsa:def:20060200
    P
    		RHSA-2006:0200: firefox security update (Critical)
    2006-02-02
    BACK
    mozilla firefox 0.8
    mozilla firefox 0.9
    mozilla firefox 0.9 rc
    mozilla firefox 0.9.1
    mozilla firefox 0.9.2
    mozilla firefox 0.9.3
    mozilla firefox 0.10
    mozilla firefox 0.10.1
    mozilla firefox 1.0
    mozilla firefox 1.0.1
    mozilla firefox 1.0.2
    mozilla firefox 1.0.3
    mozilla firefox 1.0.4
    mozilla firefox 1.0.5
    mozilla firefox 1.0.6
    mozilla firefox 1.0.6
    mozilla firefox 1.0.7
    mozilla firefox 1.5
    mozilla firefox 1.5 beta1
    mozilla mozilla 1.4
    mozilla mozilla 1.4.1
    mozilla mozilla 1.5
    mozilla mozilla 1.5 alpha
    mozilla mozilla 1.5 rc1
    mozilla mozilla 1.5 rc2
    mozilla mozilla 1.4
    mozilla firefox 0.8
    mozilla firefox 0.9 rc
    mozilla firefox 0.9.2
    mozilla firefox 0.9.1
    mozilla firefox 0.9.3
    mozilla firefox 0.10.1
    mozilla firefox 1.0
    mozilla firefox 1.0.1
    mozilla firefox 1.0.2
    mozilla firefox 1.0.3
    mozilla firefox 1.0.4
    mozilla firefox 1.0.6
    mozilla firefox 1.5 beta1
    mozilla firefox 1.0.7
    mozilla firefox 1.5
    mozilla firefox 1.0.8
    mozilla firefox 0.10
    mozilla firefox 0.9
    mozilla firefox 1.0.5
    mozilla mozilla 1.4.1
    mozilla mozilla 1.4.2
    mozilla mozilla 1.4.4
    mozilla mozilla 1.4 alpha
    mozilla mozilla 1.4 beta
    mozilla mozilla 1.5
    mozilla mozilla 1.5 alpha
    mozilla mozilla 1.5 rc1
    mozilla mozilla 1.5 rc2
    mozilla firefox 0.7
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3