CVE-2006-1737

CWE-18916 documents8 sources
Severity
9.3CRITICAL
EPSS
26.2%
top 3.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla Mozilla SuiteMozilla Seamonkey+1 more
Timeline
PublishedApr 14
Latest updateMay 3

Description

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDmozilla/firefox9 versions+8
NVDmozilla/thunderbird9 versions+8
NVDmozilla/mozilla_suite6 versions+5
Debianthunderbird< 1.5.0.2-1+3

🔴Vulnerability Details

3
GHSA
GHSA-rxwh-g7jh-p598: Integer overflow in Mozilla Firefox and Thunderbird 12022-05-03
CVEList
CVE-2006-1737: Integer overflow in Mozilla Firefox and Thunderbird 12006-04-14
OSV
CVE-2006-1737: Integer overflow in Mozilla Firefox and Thunderbird 12006-04-14

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2006-05-03
Ubuntu
Mozilla vulnerabilities2006-04-28
Ubuntu
Firefox vulnerabilities2006-04-20
Red Hat
security flaw2006-04-14
Debian
CVE-2006-1737: firefox - Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x bef...2006

💬Community

7
Bugzilla
CVE-2006-1737 security flaw2018-08-16
Bugzilla
CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)2006-04-13
Bugzilla
CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)2006-04-13
Bugzilla
CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)2006-04-13
Bugzilla
CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790))2006-04-13