cbcvebase.
CVE-2006-0749
published 2006-04-14

CVE-2006-0749: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows…

PriorityP334critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
10.49%
95.2th percentile
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.

Affected

10 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 1.5.dfsg+1.5.0.2 (sid)firefox 1.5.dfsg+1.5.0.2 (sid)
debianthunderbird< firefox 1.5.dfsg+1.5.0.2 (sid)firefox 1.5.dfsg+1.5.0.2 (sid)
mozillafirefox>= 1.0 < 1.51.5
mozillamozilla_suite< 1.7.131.7.13
mozillaseamonkey< 1.01.0
mozillathunderbird>= 0 < 1.5.0.2-11.5.0.2-1
mozillathunderbird>= 0 < 1.5.0.2-11.5.0.2-1
mozillathunderbird>= 0 < 1.5.0.2-11.5.0.2-1
mozillathunderbird>= 0 < 1.5.0.2-11.5.0.2-1
mozillathunderbird>= 1.0 < 1.0.81.0.8

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3LOW
vendor_redhat9.3CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.