Vulnerability Name:

CVE-2006-5464 (CCN-30092)

Assigned:2006-11-08
Published:2006-11-08
Updated:2018-10-17
Summary:Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: SGI
Type: UNKNOWN
20061101-01-P

Source: MITRE
Type: CNA
CVE-2006-5464

Source: CCN
Type: RHSA-2006-0733
Critical: firefox security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0733

Source: CCN
Type: RHSA-2006-0734
Critical: seamonkey security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0734

Source: CCN
Type: RHSA-2006-0735
Critical: thunderbird security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0735

Source: SECUNIA
Type: UNKNOWN
22066

Source: CCN
Type: SA22722
Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22722

Source: SECUNIA
Type: UNKNOWN
22727

Source: SECUNIA
Type: UNKNOWN
22737

Source: SECUNIA
Type: UNKNOWN
22763

Source: CCN
Type: SA22770
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22770

Source: SECUNIA
Type: UNKNOWN
22774

Source: SECUNIA
Type: UNKNOWN
22815

Source: SECUNIA
Type: UNKNOWN
22817

Source: SECUNIA
Type: UNKNOWN
22929

Source: CCN
Type: SA22965
Avaya Messaging Storage Server Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22965

Source: SECUNIA
Type: UNKNOWN
22980

Source: SECUNIA
Type: UNKNOWN
23009

Source: SECUNIA
Type: UNKNOWN
23013

Source: SECUNIA
Type: UNKNOWN
23197

Source: SECUNIA
Type: UNKNOWN
23202

Source: SECUNIA
Type: UNKNOWN
23235

Source: SECUNIA
Type: UNKNOWN
23263

Source: SECUNIA
Type: UNKNOWN
23287

Source: SECUNIA
Type: UNKNOWN
23297

Source: CCN
Type: SA24711
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24711

Source: CCN
Type: SA27328
Sun Solaris Mozilla Layout Engine Unspecified Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27328

Source: GENTOO
Type: UNKNOWN
GLSA-200612-06

Source: GENTOO
Type: UNKNOWN
GLSA-200612-07

Source: GENTOO
Type: UNKNOWN
GLSA-200612-08

Source: CCN
Type: SECTRACK ID: 1017177
Mozilla Seamonkey Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Vendor Advisory
1017177

Source: CCN
Type: SECTRACK ID: 1017178
Mozilla Thunderbird Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Vendor Advisory
1017178

Source: CCN
Type: SECTRACK ID: 1017179
Mozilla Firefox Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Vendor Advisory
1017179

Source: CCN
Type: Sun Alert ID: 103121
Multiple Memory Corruption Vulnerabilities in Layout Engine for Mozilla 1.7

Source: SUNALERT
Type: UNKNOWN
103121

Source: SUNALERT
Type: UNKNOWN
200587

Source: CCN
Type: ASA-2006-244
thunderbird security update (RHSA-2006-0735)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

Source: CCN
Type: ASA-2006-246
firefox security update (RHSA-2006-0733)

Source: CCN
Type: ASA-2006-247
seamonkey security update (RHSA-2006-0734)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: ASA-2007-470
Multiple Memory Corruption Vulnerabilities in Layout Engine for Mozilla 1.7 (Sun 103121)

Source: DEBIAN
Type: UNKNOWN
DSA-1224

Source: DEBIAN
Type: UNKNOWN
DSA-1225

Source: DEBIAN
Type: UNKNOWN
DSA-1227

Source: DEBIAN
Type: DSA-1224
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1225
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1227
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200612-06
Mozilla Thunderbird: Multiple vulnerabilities

Source: CCN
Type: GLSA-200612-07
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200612-08
SeaMonkey: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#495288
Mozilla products contain several unspecified errors in the layout engine

Source: CERT-VN
Type: Patch, US Government Resource
VU#495288

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:205

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:206

Source: CCN
Type: MFSA 2006-65
Crashes with evidence of memory corruption (rv:1.8.0.8)

Source: CONFIRM
Type: Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:068

Source: BUGTRAQ
Type: UNKNOWN
20061109 rPSA-2006-0206-1 firefox thunderbird

Source: BID
Type: Vendor Advisory
20957

Source: CCN
Type: BID-20957
Mozilla Client Products Multiple Remote Vulnerabilities

Source: CCN
Type: USN-381-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-381-1

Source: CCN
Type: USN-382-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-382-1

Source: CERT
Type: Third Party Advisory, US Government Resource
TA06-312A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2006-4387

Source: VUPEN
Type: UNKNOWN
ADV-2007-1198

Source: VUPEN
Type: UNKNOWN
ADV-2007-3588

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: MISC
Type: Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=307809

Source: MISC
Type: Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=310267

Source: MISC
Type: Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=350370

Source: MISC
Type: Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=351328

Source: XF
Type: UNKNOWN
mozilla-layout-dos(30092)

Source: XF
Type: UNKNOWN
mozilla-layout-dos(30092)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-765

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9304

Source: SUSE
Type: SUSE-SA:2006:068
Mozilla Firefox 1.5.0.8 release

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20065464
    V
    		CVE-2006-5464
    2015-11-16
    oval:org.mitre.oval:def:9304
    V
    		Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
    2013-04-29
    oval:org.debian:def:1225
    V
    		several vulnerabilities
    2013-01-21
    oval:org.debian:def:1227
    V
    		several vulnerabilities
    2006-12-04
    oval:org.debian:def:1224
    V
    		several vulnerabilities
    2006-12-03
    oval:com.redhat.rhsa:def:20060733
    P
    		RHSA-2006:0733: firefox security update (Critical)
    2006-11-08
    oval:com.redhat.rhsa:def:20060734
    P
    		RHSA-2006:0734: seamonkey security update (Critical)
    2006-11-08
    oval:com.redhat.rhsa:def:20060735
    P
    		RHSA-2006:0735: thunderbird security update (Critical)
    2006-11-08
    BACK
    mozilla firefox 1.5
    mozilla firefox 1.5 beta1
    mozilla firefox 1.5 beta2
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0 beta
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.2
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.4
    mozilla seamonkey 1.0.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla thunderbird 1.5.0.1
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.3
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.6
    mozilla thunderbird 1.5.0.7
    mozilla firefox 1.5 beta1
    mozilla seamonkey 1.0
    mozilla firefox 1.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla thunderbird 1.5.0.7
    mozilla seamonkey 1.0.5
    mozilla seamonkey 1.0.2
    mozilla thunderbird 1.5.0.6
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.3
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.1
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.4
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5 beta2
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    sun solaris 8
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 8
    sun solaris 9
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    sun solaris 9