CVE-2006-0297Firefox vulnerability

4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
6.8%
top 8.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla ThunderbirdDebian FirefoxDebian Thunderbird+2 more
Timeline
PublishedFeb 2
Latest updateMay 1

Description

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages6 packages

Debianmozilla/thunderbird< 1.5.0.2-1+3
debiandebian/firefox< firefox 1.5.dfsg+1.5.0.1-1 (sid)

🔴Vulnerability Details

2
GHSA
GHSA-jxfr-hgxf-4wxp: Multiple integer overflows in Mozilla Firefox 12022-05-01
OSV
CVE-2006-0297: Multiple integer overflows in Mozilla Firefox 12006-02-02

📋Vendor Advisories

1
Debian
CVE-2006-0297: firefox - Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript...2006