Vulnerability Name:

CVE-2006-4571 (CCN-29097)

Assigned:2006-09-15
Published:2006-09-15
Updated:2018-10-17
Summary:Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: SGI
Type: UNKNOWN
20060901-01-P

Source: MITRE
Type: CNA
CVE-2006-4571

Source: CCN
Type: RHSA-2006-0675
firefox security update

Source: CCN
Type: RHSA-2006-0676
seamonkey security update

Source: CCN
Type: RHSA-2006-0677
thunderbird security update

Source: CCN
Type: SA21906
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21906

Source: SECUNIA
Type: Vendor Advisory
21915

Source: SECUNIA
Type: Vendor Advisory
21916

Source: CCN
Type: SA21939
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21939

Source: CCN
Type: SA21940
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21940

Source: SECUNIA
Type: Patch, Vendor Advisory
21949

Source: SECUNIA
Type: Vendor Advisory
21950

Source: SECUNIA
Type: Vendor Advisory
22001

Source: SECUNIA
Type: Vendor Advisory
22025

Source: SECUNIA
Type: Vendor Advisory
22036

Source: SECUNIA
Type: Vendor Advisory
22055

Source: SECUNIA
Type: Vendor Advisory
22056

Source: SECUNIA
Type: UNKNOWN
22066

Source: SECUNIA
Type: Vendor Advisory
22074

Source: SECUNIA
Type: UNKNOWN
22088

Source: SECUNIA
Type: Vendor Advisory
22195

Source: SECUNIA
Type: Vendor Advisory
22210

Source: SECUNIA
Type: Vendor Advisory
22247

Source: SECUNIA
Type: Vendor Advisory
22274

Source: SECUNIA
Type: Vendor Advisory
22299

Source: SECUNIA
Type: Vendor Advisory
22342

Source: SECUNIA
Type: Vendor Advisory
22391

Source: CCN
Type: SA22422
Avaya Products Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22422

Source: SECUNIA
Type: Vendor Advisory
22849

Source: CCN
Type: SA24711
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24711

Source: GENTOO
Type: UNKNOWN
GLSA-200609-19

Source: GENTOO
Type: UNKNOWN
GLSA-200610-01

Source: GENTOO
Type: UNKNOWN
GLSA-200610-04

Source: CCN
Type: SECTRACK ID: 1016846
Mozilla Firefox Javascript Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016846

Source: CCN
Type: SECTRACK ID: 1016847
Mozilla Seamonkey Javascript Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016847

Source: CCN
Type: SECTRACK ID: 1016848
Mozilla Thunderbird Javascript Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016848

Source: CCN
Type: ASA-2006-196
seamonkey security update (RHSA-2006-0676)

Source: CCN
Type: ASA-2006-219
thunderbird security update (RHSA-2006-0677)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

Source: CCN
Type: ASA-2006-224
firefox security update (RHSA-2006-0675)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: DEBIAN
Type: UNKNOWN
DSA-1192

Source: DEBIAN
Type: UNKNOWN
DSA-1210

Source: DEBIAN
Type: DSA-1191
mozilla-thunderbird -- several vulnerabilities

Source: DEBIAN
Type: DSA-1192
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1210
mozilla-firefox -- several vulnerabilities

Source: CCN
Type: GLSA-200609-19
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200610-01
Mozilla Thunderbird: Multiple vulnerabilities

Source: CCN
Type: GLSA-200610-04
Seamonkey: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:168

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:169

Source: CCN
Type: MFSA 2006-64
Crashes with evidence of memory corruption (rv:1.8.0.7)

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-64.html

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0675

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0676

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0677

Source: BUGTRAQ
Type: UNKNOWN
20060915 rPSA-2006-0169-1 firefox thunderbird

Source: BID
Type: UNKNOWN
20042

Source: CCN
Type: BID-20042
Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities

Source: CCN
Type: USN-350-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-350-1

Source: CCN
Type: USN-351-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-351-1

Source: CCN
Type: USN-352-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-352-1

Source: CCN
Type: USN-354-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-354-1

Source: CCN
Type: USN-361-1
Mozilla vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-361-1

Source: DEBIAN
Type: UNKNOWN
DSA-1191

Source: VUPEN
Type: UNKNOWN
ADV-2006-3617

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2007-1198

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: XF
Type: UNKNOWN
mozilla-multiple-dos(29097)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-640

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11728

Source: SUSE
Type: SUSE-SA:2006:054
Mozilla Firefox security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version <= 1.0.4)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 1.5.0.6)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20064571
    V
    		CVE-2006-4571
    2015-11-16
    oval:org.mitre.oval:def:11728
    V
    		Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
    2013-04-29
    oval:org.debian:def:1210
    V
    		several vulnerabilities
    2006-11-14
    oval:org.debian:def:1192
    V
    		several vulnerabilities
    2006-10-06
    oval:org.debian:def:1191
    V
    		several vulnerabilities
    2006-10-05
    oval:com.redhat.rhsa:def:20060675
    P
    		RHSA-2006:0675: firefox security update (Critical)
    2006-09-15
    oval:com.redhat.rhsa:def:20060676
    P
    		RHSA-2006:0676: seamonkey security update (Critical)
    2006-09-15
    oval:com.redhat.rhsa:def:20060677
    P
    		RHSA-2006:0677: thunderbird security update (Critical)
    2006-09-15
    BACK
    mozilla seamonkey *
    mozilla thunderbird *
    mozilla firefox 1.5 beta1
    mozilla seamonkey 1.0
    mozilla firefox 1.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla seamonkey 1.0.2
    mozilla thunderbird 1.5.0.6
    mozilla thunderbird 1.5.0.5
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.3
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.1
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.4
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5 beta2
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3