CVE-2006-0298 — Improper Input Validation in Firefox

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

4.4%

top 11.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +2 more

Timeline

PublishedFeb 2

Latest updateMay 1

Description

The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages5 packages

▶NVDmozilla/firefox1.5

▶NVDmozilla/seamonkey1.0

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.1-1 (sid)

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.1-1 (sid)

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-59jq-qmh2-r6c7: The XML parser in Mozilla Firefox before 1↗2022-05-01

▶

OSV

CVE-2006-0298: The XML parser in Mozilla Firefox before 1↗2006-02-02

▶

📋Vendor Advisories

Debian

CVE-2006-0298: firefox - The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows...↗2006

▶