CVE-2006-0297
published 2006-02-02
CVE-2006-0297: Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to…
Priority P423 · medium · 5.1 · CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 3.85% (88.9th percentile)
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg+1.5.0.1-1 (sid) | firefox 1.5.dfsg+1.5.0.1-1 (sid) |
| debian | thunderbird | < firefox 1.5.dfsg+1.5.0.1-1 (sid) | firefox 1.5.dfsg+1.5.0.1-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | seamonkey | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
CVSS provenance
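| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | | 5.1 | MEDIUM | |
| vendor_debian | | 5.1 | MEDIUM | |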
GHSA
GHSA-jxfr-hgxf-4wxp: Multiple integer overflows in Mozilla Firefox 1
ghsa_unreviewed·2022-05-01
CVE-2006-0297 [MEDIUM] GHSA-jxfr-hgxf-4wxp: Multiple integer overflows in Mozilla Firefox 1
OSV
CVE-2006-0297: Multiple integer overflows in Mozilla Firefox 1
osv·2006-02-02·CVSS 5.1
CVE-2006-0297 [MEDIUM] CVE-2006-0297: Multiple integer overflows in Mozilla Firefox 1
Debian
CVE-2006-0297: firefox - Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript...
vendor_debian·2006·CVSS 5.1
CVE-2006-0297 [MEDIUM] CVE-2006-0297: firefox - Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript...
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/18700
http://secunia.com/advisories/18704
http://secunia.com/advisories/22065
http://securitytracker.com/id?1015570
http://www.mozilla.org/security/announce/2006/mfsa2006-06.html
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/bid/16476
http://www.vupen.com/english/advisories/2006/0413
http://www.vupen.com/english/advisories/2006/3749
https://bugzilla.mozilla.org/show_bug.cgi?id=319872
https://bugzilla.mozilla.org/show_bug.cgi?id=322215
https://exchange.xforce.ibmcloud.com/vulnerabilities/24435
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1339
Published: 2006-02-02