Vulnerability Name:

CVE-2006-6500 (CCN-30987)

Assigned:2006-12-19
Published:2006-12-19
Updated:2019-10-09
Summary:Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-6500

Source: HP
Type: Broken Link
SSRT061181

Source: CCN
Type: SA23282
Mozilla Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
23282

Source: CCN
Type: SA23420
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
23420

Source: CCN
Type: SA23422
Mozilla SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
23422

Source: SECUNIA
Type: Third Party Advisory
23545

Source: SECUNIA
Type: Third Party Advisory
23598

Source: SECUNIA
Type: Third Party Advisory
23614

Source: SECUNIA
Type: Third Party Advisory
23672

Source: SECUNIA
Type: Third Party Advisory
23692

Source: GENTOO
Type: Third Party Advisory
GLSA-200701-02

Source: CCN
Type: SECTRACK ID: 1017399
Mozilla Seamonkey Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017399

Source: CCN
Type: SECTRACK ID: 1017400
Mozilla Thunderbird Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017400

Source: CCN
Type: SECTRACK ID: 1017401
Mozilla Firefox Windows Cursor Image Conversion Heap Overflow Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017401

Source: CCN
Type: GLSA-200701-02
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200701-03
Mozilla Thunderbird: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200701-03

Source: CCN
Type: GLSA-200701-04
SeaMonkey: Multiple vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-200701-04

Source: CCN
Type: US-CERT VU#722244
Mozilla products vulnerable to heap overflow via miscalculated size during conversion of an image

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#722244

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:010

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:011

Source: CCN
Type: MFSA 2006-69
CSS cursor image buffer overflow (Windows only)

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-69.html

Source: SUSE
Type: Broken Link
SUSE-SA:2006:080

Source: SUSE
Type: Broken Link
SUSE-SA:2007:006

Source: CCN
Type: OSVDB ID: 31345
Mozilla Multiple Products on Windows CSS Cursor Image Overflow

Source: BID
Type: Third Party Advisory, VDB Entry
21668

Source: CCN
Type: BID-21668
Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities

Source: CERT
Type: Third Party Advisory, US Government Resource
TA06-354A

Source: VUPEN
Type: Third Party Advisory
ADV-2006-5068

Source: VUPEN
Type: Third Party Advisory
ADV-2008-0083

Source: XF
Type: UNKNOWN
mozilla-cursor-bo(30987)

Source: SUSE
Type: SUSE-SA:2006:080
Mozilla FirefoxThunderbird security problems

Source: SUSE
Type: SUSE-SA:2007:006
mozilla security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 1.5 and < 1.5.0.9)
  • OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version >= 2.0 and < 2.0.0.1)
  • OR cpe:/a:mozilla:seamonkey:*:*:*:*:*:*:*:* (Version < 1.0.7)
  • OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version < 1.5.0.9)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20066500
    V
    		CVE-2006-6500
    2015-11-16
    BACK
    mozilla firefox *
    mozilla firefox *
    mozilla seamonkey *
    mozilla thunderbird *
    debian debian linux 3.1
    debian debian linux 4.0
    canonical ubuntu linux 5.10
    canonical ubuntu linux 6.06
    canonical ubuntu linux 6.10
    mozilla firefox 1.5 beta1
    mozilla firefox 2.0
    mozilla seamonkey 1.0
    mozilla firefox 1.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla thunderbird 1.5.0.7
    mozilla seamonkey 1.0.5
    mozilla seamonkey 1.0.2
    mozilla firefox 1.5.0.9
    mozilla firefox 2.0.0.1
    mozilla thunderbird 1.5.0.6
    mozilla thunderbird 1.5.0.5
    mozilla thunderbird 1.5.0.8
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.3
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.1
    mozilla firefox 2.0 beta1
    mozilla firefox 2.0 rc2
    mozilla firefox 2.0 rc3
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.4
    mozilla seamonkey 1.0.6
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.8
    mozilla firefox 1.5 beta2
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    gentoo linux *
    suse linux enterprise server 8
    mandrakesoft mandrake linux corporate server 3.0
    novell linux desktop 9
    novell open enterprise server *
    suse suse linux 10.0
    suse suse linux 10.1
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    novell open enterprise server *
    novell opensuse 10.2
    suse suse linux 9.3