CVE-2006-0294 — Firefox vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

6.0%

top 9.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +2 more

Timeline

PublishedFeb 2

Latest updateMay 1

Description

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶NVDmozilla/firefox16 versions+15

▶NVDmozilla/seamonkey1.0

▶NVDmozilla/thunderbird1.5

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.1-1 (sid)

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-3mjg-gvfx-f783: Mozilla Firefox before 1↗2022-05-01

▶

OSV

CVE-2006-0294: Mozilla Firefox before 1↗2006-02-02

▶

📋Vendor Advisories

Debian

CVE-2006-0294: firefox - Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, a...↗2006

▶