| Vulnerability Name: | CVE-2006-0297 (CCN-24435) |
| Assigned: | 2006-02-01 |
| Published: | 2006-02-01 |
| Updated: | 2018-10-19 |
| Summary: | Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. |
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2006-0297
Source: CCN Type: SA18700 Firefox Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 18700
Source: CCN Type: SA18704 Thunderbird Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 18704
Source: SECUNIA Type: UNKNOWN 22065
Source: CCN Type: SECTRACK ID: 1015570 Mozilla Firefox Multiple Vulnerabilities May Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1015570
Source: CCN Type: ASA-2007-135 HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)
Source: CCN Type: Mozilla Web site Mozilla Products
Source: CONFIRM Type: UNKNOWN http://www.mozilla.org/security/announce/2006/mfsa2006-06.html
Source: CCN Type: MFSA 2006-06 Integer overflows in E4X, SVG, and Canvas
Source: CCN Type: OSVDB ID: 22895 Mozilla Multiple Products Canvas Feature Overflow
Source: CCN Type: OSVDB ID: 22896 Mozilla Multiple Products SVG Feature Overflow
Source: CCN Type: OSVDB ID: 22897 Mozilla Multiple Products E4X Feature Overflow
Source: HP Type: UNKNOWN SSRT061236
Source: BID Type: UNKNOWN 16476
Source: CCN Type: BID-16476 Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2006-0413
Source: VUPEN Type: UNKNOWN ADV-2006-3749
Source: CONFIRM Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=319872
Source: CONFIRM Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=322215
Source: XF Type: UNKNOWN mozilla-component-integer-overflow(24435)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1339 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |