CVE-2006-1739

CWE-119 — Buffer Overflow16 documents8 sources

Severity

9.3CRITICAL

EPSS

33.1%

top 3.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Mozilla Suite Mozilla Seamonkey +1 more

Timeline

PublishedApr 14

Latest updateMay 3

Description

The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶NVDmozilla/firefox9 versions+8

▶NVDmozilla/seamonkey1.0

▶NVDmozilla/thunderbird9 versions+8

▶NVDmozilla/mozilla_suite6 versions+5

▶Debianthunderbird< 1.5.0.2-1+3

Patches

Patch: secunia.com ↗Patch: www.mozilla.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wp5w-vcq2-q2gv: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1↗2022-05-03

▶

CVEList

CVE-2006-1739: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1↗2006-04-14

▶

OSV

CVE-2006-1739: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1↗2006-04-14

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-05-03

▶

Ubuntu

Mozilla vulnerabilities↗2006-04-28

▶

Ubuntu

Firefox vulnerabilities↗2006-04-20

▶

Red Hat

security flaw↗2006-04-14

▶

Debian

CVE-2006-1739: firefox - The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 ...↗2006

▶

💬Community

Bugzilla

CVE-2006-1739 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)↗2006-04-13

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)↗2006-04-13

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)↗2006-04-13

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790))↗2006-04-13

▶