Vulnerability Name: CVE-2006-2723 (CCN-26898)

Assigned: 2006-05-30
Published: 2006-05-30
Updated: 2018-10-18
Summary: Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags.
Note: a followup post indicated that the initial report could not be verified.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: BugTraq Mailing List, Tue May 30 2006 - 07:03:36 CDT
Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 08:59:24 CDT
Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 12:28:24 CDT
Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 13:29:54 CDT
Re: Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 15:14:41 CDT
Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Thu Jun 08 2006 - 05:06:08 CDT
Ie opera dos exploit

Source: CCN
Type: BugTraq Mailing List, Thu Jun 22 2006 - 19:27:07 CDT
flock d0s exploit remote. beta 1 (v0.7)

Source: MITRE
Type: CNA
CVE-2006-2723

Source: MITRE
Type: CNA
CVE-2006-6954

Source: MITRE
Type: CNA
CVE-2006-6955

Source: MITRE
Type: CNA
CVE-2006-6956

Source: CCN
Type: Flock Web site
Flock - The web browser for you and your friends

Source: CCN
Type: OSVDB ID: 27208
Mozilla Firefox Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 58816
Flock Browser Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 58817
Microsoft IE Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 58818
Opera Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 64160
Opera Content Writing Uninitialized Memory Corruption

Source: BUGTRAQ
Type: UNKNOWN
20060530 Fire fox dos exploit

Source: BUGTRAQ
Type: UNKNOWN
20060531 Re: Fire fox dos exploit

Source: BUGTRAQ
Type: UNKNOWN
20060531 Re: Re: Fire fox dos exploit

Source: BUGTRAQ
Type: UNKNOWN
20060604 Re: Re: Fire fox dos exploit

Source: BID
Type: Exploit
18165

Source: CCN
Type: BID-18165
Multiple Browser Marquee Denial of Service Vulnerability

Source: CCN
Type: Mozilla Bugzilla Bug 239840
hang when many dl and marquee tags are used. exponential time increase depending on number of dl tags..

Source: XF
Type: UNKNOWN
firefox-marquee-dos(26898)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    mozilla firefox 2.0 rc3
    opera opera browser *
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.0.8
    mozilla firefox 2.0.0.3