CVE-2006-0749
published 2006-04-14CVE-2006-0749: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows…
PriorityP334critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
10.49%
95.2th percentile
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg+1.5.0.2 (sid) | firefox 1.5.dfsg+1.5.0.2 (sid) |
| debian | thunderbird | < firefox 1.5.dfsg+1.5.0.2 (sid) | firefox 1.5.dfsg+1.5.0.2 (sid) |
| mozilla | firefox | >= 1.0 < 1.5 | 1.5 |
| mozilla | mozilla_suite | < 1.7.13 | 1.7.13 |
| mozilla | seamonkey | < 1.0 | 1.0 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 0 < 1.5.0.2-1 | 1.5.0.2-1 |
| mozilla | thunderbird | >= 1.0 < 1.0.8 | 1.0.8 |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3LOW
vendor_redhat9.3CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-05-03·CVSS 7.5
CVE-2006-1742 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Igor Bukanov discovered that the JavaScript engine did not properly
declare some temporary variables. Under some rare circumstances, a
malicious mail with embedded JavaScript could exploit this to execute
arbitrary code with the privileges of the user. (CVE-2006-0292,
CVE-2006-1742)
The function XULDocument.persist() did not sufficiently validate the
names of attributes. An attacker could exploit this to inject
arbitrary XML code into the file 'localstore.rdf', which is read and
evaluated at startup. This could include JavaScript commands that
would be run with the user's privileges. (CVE-2006-0296)
Due to a flaw in the HTML tag parser a specific sequence of HTML tags
caused memory corruption. A malicious HTML emai
Ubuntu
Mozilla vulnerabilities
vendor_ubuntu·2006-04-28·CVSS 5.0
CVE-2006-1736 [MEDIUM] Mozilla vulnerabilities
Title: Mozilla vulnerabilities
Summary: Mozilla vulnerabilities
Web pages with extremely long titles caused subsequent launches of
Mozilla browser to hang for up to a few minutes, or caused Mozilla to
crash on computers with insufficient memory. (CVE-2005-4134)
Igor Bukanov discovered that the JavaScript engine did not properly
declare some temporary variables. Under some rare circumstances, a
malicious website could exploit this to execute arbitrary code with
the privileges of the user. (CVE-2006-0292, CVE-2006-1742)
The function XULDocument.persist() did not sufficiently validate the
names of attributes. An attacker could exploit this to inject
arbitrary XML code into the file 'localstore.rdf', which is read and
evaluated at startup. This could include JavaScript commands that
would
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2006-04-20·CVSS 5.0
CVE-2005-4134 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
Web pages with extremely long titles caused subsequent launches of
Firefox browser to hang for up to a few minutes, or caused Firefox to
crash on computers with insufficient memory. (CVE-2005-4134)
Igor Bukanov discovered that the JavaScript engine did not properly
declare some temporary variables. Under some rare circumstances, a
malicious website could exploit this to execute arbitrary code with
the privileges of the user. (CVE-2006-0292, CVE-2006-1742)
The function XULDocument.persist() did not sufficiently validate the
names of attributes. An attacker could exploit this to inject
arbitrary XML code into the file 'localstore.rdf', which is read and
evaluated at startup. This could include JavaScript commands that
would
Red Hat
Firefox Tag Order Vulnerability
vendor_redhat·2006-04-14·CVSS 9.3
CVE-2006-0749 [CRITICAL] Firefox Tag Order Vulnerability
Firefox Tag Order Vulnerability
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Debian
CVE-2006-0749: firefox - nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0....
vendor_debian·2006·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749: firefox - nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0....
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2)
GHSA
GHSA-pwcc-x4h8-g74h: nsHTMLContentSink
ghsa_unreviewed·2022-05-03
CVE-2006-0749 [HIGH] GHSA-pwcc-x4h8-g74h: nsHTMLContentSink
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
OSV
CVE-2006-0749: nsHTMLContentSink
osv·2006-04-14·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749: nsHTMLContentSink
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
No detection rules found.
No public exploits indexed.
Bugzilla
Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.)
bugzilla·2006-04-22·CVSS 7.5
CVE-2006-0749 [HIGH] Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.)
Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.)
Mozilla has released a new version of Mozilla Thunderbird that corrects
serious and critical vulnerabilities in that product. Red Hat has issued
advisory RHSA-2006:0330-01 .
With that advisory, Red Hat has released thunderbird-1.0.8-1.4.1.
Here is the Problem Description from that advisory:
"Several bugs were found in the way Thunderbird processes malformed
javascript. A malicious HTML mail message could modify the content of a
different open HTML mail message, possibly stealing sensitive information
or conducting a cross-site scripting attack. Please note that JavaScript
support is disabled by default in Thunderbird. (CVE-2006-1731,
CVE-2006-1732, CVE-2006-1741)
"Several b
Bugzilla
multiple critical Firefox, Mozilla vulnerabilities (CVE-2006-0749, CVE-2006-1724, et al.)
bugzilla·2006-04-17·CVSS 9.3
CVE-2006-0749 [CRITICAL] multiple critical Firefox, Mozilla vulnerabilities (CVE-2006-0749, CVE-2006-1724, et al.)
multiple critical Firefox, Mozilla vulnerabilities (CVE-2006-0749, CVE-2006-1724, et al.)
Red Hat has issued RHSA:2006-0328-01 for Firefox
releasing firefox-1.0.8-1.4.1.
"Critical: Firefox security update
...
"Updated firefox packages that fix several security bugs are now available.
"This update has been rated as having critical security impact by the Red
Hat Security Response Team. ...
"Several bugs were found in the way Firefox processes malformed javascript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)
"Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute ar
Bugzilla
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
Mozilla Firefox Tag Order Vulnerability
A particular sequence of HTML tags that reliably crash Mozilla clients was
reported by an anonymous researcher via TippingPoint and the Zero Day
Initiative. The crash is due to memory corruption that can be exploited to
run arbitary code.
Mozilla mail clients will crash on the tag sequence, but without the ability
to run scripts to fill memory with the attack code it may not be possible
for an attacker to exploit this crash.
Workaround
Upgrade to a fixed version.
References
[1]ZDI-06-008
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=320182
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=269095
CVE-2006-0749
Discussion:
Lifting embargo
---
An advisory has been issued which should help
Bugzilla
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
Mozilla Firefox Tag Order Vulnerability
A particular sequence of HTML tags that reliably crash Mozilla clients was
reported by an anonymous researcher via TippingPoint and the Zero Day
Initiative. The crash is due to memory corruption that can be exploited to
run arbitary code.
Mozilla mail clients will crash on the tag sequence, but without the ability
to run scripts to fill memory with the attack code it may not be possible
for an attacker to exploit this crash.
Workaround
Upgrade to a fixed version.
References
[1]ZDI-06-008
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=320182
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=269095
CVE-2006-0749
This issue also affects FC4
Discussion:
Lifting embargo
---
(See Bug #18354
Bugzilla
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
Mozilla Firefox Tag Order Vulnerability
A particular sequence of HTML tags that reliably crash Mozilla clients was
reported by an anonymous researcher via TippingPoint and the Zero Day
Initiative. The crash is due to memory corruption that can be exploited to
run arbitary code.
Mozilla mail clients will crash on the tag sequence, but without the ability
to run scripts to fill memory with the attack code it may not be possible
for an attacker to exploit this crash.
Workaround
Upgrade to a fixed version.
References
[1]ZDI-06-008
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=320182
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=269095
CVE-2006-0749
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
Lif
Bugzilla
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
Mozilla Firefox Tag Order Vulnerability
A particular sequence of HTML tags that reliably crash Mozilla clients was
reported by an anonymous researcher via TippingPoint and the Zero Day
Initiative. The crash is due to memory corruption that can be exploited to
run arbitary code.
Mozilla mail clients will crash on the tag sequence, but without the ability
to run scripts to fill memory with the attack code it may not be possible
for an attacker to exploit this crash.
Workaround
Upgrade to a fixed version.
References
[1]ZDI-06-008
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=320182
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=269095
CVE-2006-0749
This issue also affects FC4
Discussion:
Lifting embargo
---
Fedora Core 5 i
Bugzilla
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
Mozilla Firefox Tag Order Vulnerability
A particular sequence of HTML tags that reliably crash Mozilla clients was
reported by an anonymous researcher via TippingPoint and the Zero Day
Initiative. The crash is due to memory corruption that can be exploited to
run arbitary code.
Mozilla mail clients will crash on the tag sequence, but without the ability
to run scripts to fill memory with the attack code it may not be possible
for an attacker to exploit this crash.
Workaround
Upgrade to a fixed version.
References
[1]ZDI-06-008
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=320182
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=269095
CVE-2006-0749
This issue also affects FC4
Discussion:
The packages that fix this have been
Bugzilla
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
bugzilla·2006-04-13·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability
Mozilla Firefox Tag Order Vulnerability
A particular sequence of HTML tags that reliably crash Mozilla clients was
reported by an anonymous researcher via TippingPoint and the Zero Day
Initiative. The crash is due to memory corruption that can be exploited to
run arbitary code.
Mozilla mail clients will crash on the tag sequence, but without the ability
to run scripts to fill memory with the attack code it may not be possible
for an attacker to exploit this crash.
Workaround
Upgrade to a fixed version.
References
[1]ZDI-06-008
[2]https://bugzilla.mozilla.org/show_bug.cgi?id=320182
[3]https://bugzilla.mozilla.org/show_bug.cgi?id=269095
CVE-2006-0749
Discussion:
Lifting embargo
---
Lifting embargo
---
An advisory has been is
Bugzilla
CVE-2006-0749 Mozilla Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Tag Order Vulnerability
CVE-2006-0749 Mozilla Tag Order Vulnerability
+++ This bug was initially created as a clone of Bug #183537 +++
There exists a remotely exploitable code execution vulnerability in Mozilla
related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Firefox.
-- Additional comment from [email protected] on 2006-03-01 16:01 EST --
Created an attachment (id=125496)
Proposed upstream patch
This patch should apply to aviary 1.0.7 and mozilla 1.7.12
Discussion:
Lifting embargo
---
(See Bug # 188794 for the FC5 version of this bug report.)
This bug was fixed for FC4 in Fedora Update FEDORA-2006-488
.
This bug was fixed for FC5 in Fedora Update FEDORA-2006-487
.
Bugzilla
CVE-2006-0749 Firefox Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Firefox Tag Order Vulnerability
CVE-2006-0749 Firefox Tag Order Vulnerability
There exists a remotely exploitable code execution vulnerability in Mozilla
Firefox related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Firefox.
Discussion:
Lifting embargo
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0328.html
---
An advisory has been issued which should help the problem
described in this bug report. This rep
Bugzilla
CVE-2006-0749 Thunderbird Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Thunderbird Tag Order Vulnerability
CVE-2006-0749 Thunderbird Tag Order Vulnerability
+++ This bug was initially created as a clone of Bug #183537 +++
There exists a remotely exploitable code execution vulnerability in Thunderbird
related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Thunderbird.
-- Additional comment from [email protected] on 2006-03-01 16:01 EST --
Created an attachment (id=125496)
Proposed upstream patch
This patch should apply to aviary 1.0.7 and mozilla 1.7.12
Discussion:
Lifting embargo
---
This was fixed in the update to thunderbird 1.0.8, but the bug was never
updated. Marking closed now.
Bugzilla
CVE-2006-0749 Mozilla Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Mozilla Tag Order Vulnerability
CVE-2006-0749 Mozilla Tag Order Vulnerability
+++ This bug was initially created as a clone of Bug #183537 +++
There exists a remotely exploitable code execution vulnerability in Mozilla
related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Firefox.
-- Additional comment from [email protected] on 2006-03-01 16:01 EST --
Created an attachment (id=125496)
Proposed upstream patch
This patch should apply to aviary 1.0.7 and mozilla 1.7.12
Discussion:
This issue should also affect RHEL2.1 and RHEL3
---
Lifting embargo
---
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encourage
Bugzilla
CVE-2006-0749 Thunderbird Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Thunderbird Tag Order Vulnerability
CVE-2006-0749 Thunderbird Tag Order Vulnerability
+++ This bug was initially created as a clone of Bug #183537 +++
There exists a remotely exploitable code execution vulnerability in Thunderbird
related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Thunderbird.
-- Additional comment from [email protected] on 2006-03-01 16:01 EST --
Created an attachment (id=125496)
Proposed upstream patch
This patch should apply to aviary 1.0.7 and mozilla 1.7.12
Discussion:
Lifting embargo
---
Since this bugzilla report was filed, we have seriously upgraded Gecko-related
packages, which may have resolved this issue. Users who have experienced this
problem are encouraged to upgrade their system to the latest ve
Bugzilla
CVE-2006-0749 Firefox Tag Order Vulnerability
bugzilla·2006-03-01·CVSS 9.3
CVE-2006-0749 [CRITICAL] CVE-2006-0749 Firefox Tag Order Vulnerability
CVE-2006-0749 Firefox Tag Order Vulnerability
+++ This bug was initially created as a clone of Bug #183537 +++
There exists a remotely exploitable code execution vulnerability in Mozilla
Firefox related to the order tags appear in an HTML document. It is possible
for a malicious web page to execute arbitrary code as the user running Firefox.
Proposed upstream patch is attachment 125496
Discussion:
Lifting embargo
---
This doesn't appear to ever have been fixed. Remotely-exploitable vulnerability,
too. :(
---
Hmmm, okay, looks like this issue is fixed in 1.0.8, and there *was* an update
to that, and apparently before the embargo was lifted (hence the lack of
specific mention in its changelog). The bugzilla entry just needed some lovin'.
Marking closed-errata.
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlhttp://secunia.com/advisories/19631http://secunia.com/advisories/19696http://secunia.com/advisories/19714http://secunia.com/advisories/19721http://secunia.com/advisories/19729http://secunia.com/advisories/19746http://secunia.com/advisories/19759http://secunia.com/advisories/19780http://secunia.com/advisories/19794http://secunia.com/advisories/19811http://secunia.com/advisories/19821http://secunia.com/advisories/19823http://secunia.com/advisories/19852http://secunia.com/advisories/19862http://secunia.com/advisories/19863http://secunia.com/advisories/19902http://secunia.com/advisories/19941http://secunia.com/advisories/19950http://secunia.com/advisories/20051http://secunia.com/advisories/21033http://secunia.com/advisories/21622http://securityreason.com/securityalert/729http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmhttp://www.debian.org/security/2006/dsa-1044http://www.debian.org/security/2006/dsa-1046http://www.debian.org/security/2006/dsa-1051http://www.gentoo.org/security/en/glsa/glsa-200604-12.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlhttp://www.kb.cert.org/vuls/id/736934http://www.mandriva.com/security/advisories?name=MDKSA-2006:075http://www.mandriva.com/security/advisories?name=MDKSA-2006:076http://www.mandriva.com/security/advisories?name=MDKSA-2006:078http://www.mozilla.org/security/announce/2006/mfsa2006-18.htmlhttp://www.novell.com/linux/security/advisories/2006_04_25.htmlhttp://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.htmlhttp://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0328.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0329.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0330.htmlhttp://www.securityfocus.com/archive/1/431126/100/0/threadedhttp://www.securityfocus.com/archive/1/434524/100/0/threadedhttp://www.securityfocus.com/archive/1/436296/100/0/threadedhttp://www.securityfocus.com/archive/1/436338/100/0/threadedhttp://www.securityfocus.com/archive/1/438730/100/0/threadedhttp://www.securityfocus.com/bid/17516http://www.us-cert.gov/cas/techalerts/TA06-107A.htmlhttp://www.vupen.com/english/advisories/2006/1356http://www.vupen.com/english/advisories/2006/3391http://www.zerodayinitiative.com/advisories/ZDI-06-009.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/25819https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11704https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1848https://usn.ubuntu.com/271-1/https://usn.ubuntu.com/275-1/https://usn.ubuntu.com/276-1/ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.aschttp://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlhttp://secunia.com/advisories/19631http://secunia.com/advisories/19696http://secunia.com/advisories/19714http://secunia.com/advisories/19721http://secunia.com/advisories/19729http://secunia.com/advisories/19746http://secunia.com/advisories/19759http://secunia.com/advisories/19780http://secunia.com/advisories/19794http://secunia.com/advisories/19811http://secunia.com/advisories/19821http://secunia.com/advisories/19823http://secunia.com/advisories/19852http://secunia.com/advisories/19862http://secunia.com/advisories/19863http://secunia.com/advisories/19902http://secunia.com/advisories/19941http://secunia.com/advisories/19950http://secunia.com/advisories/20051http://secunia.com/advisories/21033http://secunia.com/advisories/21622http://securityreason.com/securityalert/729http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmhttp://www.debian.org/security/2006/dsa-1044http://www.debian.org/security/2006/dsa-1046http://www.debian.org/security/2006/dsa-1051http://www.gentoo.org/security/en/glsa/glsa-200604-12.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlhttp://www.kb.cert.org/vuls/id/736934http://www.mandriva.com/security/advisories?name=MDKSA-2006:075http://www.mandriva.com/security/advisories?name=MDKSA-2006:076http://www.mandriva.com/security/advisories?name=MDKSA-2006:078http://www.mozilla.org/security/announce/2006/mfsa2006-18.html
+ 22 more references
2006-04-14
Published