CVE-2006-1730

CWE-189 | 17 documents | 8 sources
Severity
9.3 CRITICAL
EPSS
26.5%
top 3.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 14
Latest update May 3

Description

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (5 packages)

NVD mozilla/firefox 10 versions +9
NVD mozilla/thunderbird 10 versions +9
NVD mozilla/mozilla_suite 6 versions +5
Debian thunderbird < 1.5.0.2-1+3

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-w48v-q8fw-236r: Integer overflow in Mozilla Firefox and Thunderbird 1 (2022-05-03)
OSV
CVE-2006-1730: Integer overflow in Mozilla Firefox and Thunderbird 1 (2006-04-14)
CVEList
CVE-2006-1730: Integer overflow in Mozilla Firefox and Thunderbird 1 (2006-04-14)

📋 Vendor Advisories (5)

Ubuntu
Thunderbird vulnerabilities (2006-05-03)
Ubuntu
Mozilla vulnerabilities (2006-04-28)
Ubuntu
Firefox vulnerabilities (2006-04-20)
Red Hat
security flaw (2006-04-14)
Debian
CVE-2006-1730: firefox - Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x... (2006)

💬 Community (8)

Bugzilla
CVE-2006-1730 security flaw (2018-08-16)
Bugzilla
Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.) (2006-04-22)
Bugzilla
CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability (2006-04-13)
Bugzilla
CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability (2006-04-13)
Bugzilla
CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability (2006-04-13)
CVE-2006-1730 (CRITICAL CVSS 9.3) | Integer overflow in Mozilla Firefox | cvebase.io