| Vulnerability Name: | CVE-2006-2780 | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2006-06-02 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2006-06-02 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-18 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-94 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | ALLOWS_ADMIN_ACCESS | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2780 Source: REDHAT Type: UNKNOWN RHSA-2006:0609 Source: SECUNIA Type: UNKNOWN 20376 Source: SECUNIA Type: UNKNOWN 20382 Source: SECUNIA Type: UNKNOWN 20561 Source: SECUNIA Type: UNKNOWN 20709 Source: SECUNIA Type: UNKNOWN 21134 Source: SECUNIA Type: UNKNOWN 21176 Source: SECUNIA Type: UNKNOWN 21178 Source: SECUNIA Type: UNKNOWN 21183 Source: SECUNIA Type: UNKNOWN 21188 Source: SECUNIA Type: UNKNOWN 21210 Source: SECUNIA Type: UNKNOWN 21269 Source: SECUNIA Type: UNKNOWN 21270 Source: SECUNIA Type: UNKNOWN 21324 Source: SECUNIA Type: UNKNOWN 21336 Source: SECUNIA Type: UNKNOWN 21532 Source: SECUNIA Type: UNKNOWN 21607 Source: SECUNIA Type: UNKNOWN 21631 Source: SECUNIA Type: UNKNOWN 22065 Source: SECUNIA Type: UNKNOWN 22066 Source: SECUNIA Type: UNKNOWN 27216 Source: SECTRACK Type: UNKNOWN 1016202 Source: SECTRACK Type: UNKNOWN 1016214 Source: SUNALERT Type: UNKNOWN 102943 Source: SUNALERT Type: UNKNOWN 200387 Source: DEBIAN Type: UNKNOWN DSA-1118 Source: DEBIAN Type: UNKNOWN DSA-1120 Source: DEBIAN Type: UNKNOWN DSA-1134 Source: GENTOO Type: UNKNOWN GLSA-200606-12 Source: GENTOO Type: UNKNOWN GLSA-200606-21 Source: CERT-VN Type: US Government Resource VU#466673 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:143 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:145 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:146 Source: CONFIRM Type: UNKNOWN http://www.mozilla.org/security/announce/2006/mfsa2006-32.html Source: SUSE Type: UNKNOWN SUSE-SA:2006:035 Source: REDHAT Type: UNKNOWN RHSA-2006:0578 Source: REDHAT Type: UNKNOWN RHSA-2006:0594 Source: REDHAT Type: UNKNOWN RHSA-2006:0610 Source: REDHAT Type: UNKNOWN RHSA-2006:0611 Source: BUGTRAQ Type: UNKNOWN 20060602 rPSA-2006-0091-1 firefox thunderbird Source: HP Type: UNKNOWN SSRT061236 Source: HP Type: UNKNOWN SSRT061181 Source: BID Type: UNKNOWN 18228 Source: CERT Type: US Government Resource TA06-153A Source: VUPEN Type: UNKNOWN ADV-2006-2106 Source: VUPEN Type: UNKNOWN ADV-2006-3748 Source: VUPEN Type: UNKNOWN ADV-2006-3749 Source: VUPEN Type: UNKNOWN ADV-2007-3488 Source: VUPEN Type: UNKNOWN ADV-2008-0083 Source: XF Type: UNKNOWN mozilla-browserengine-memory-corruption(26843) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11305 Source: UBUNTU Type: UNKNOWN USN-296-1 Source: UBUNTU Type: UNKNOWN USN-296-2 Source: UBUNTU Type: UNKNOWN USN-297-1 Source: UBUNTU Type: UNKNOWN USN-297-3 Source: UBUNTU Type: UNKNOWN USN-323-1 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||