CVE-2006-1790 — Out-of-bounds Write in Firefox

CWE-39916 documents7 sources

Severity

10.0CRITICALNVD

EPSS

15.9%

top 5.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +1 more

Timeline

PublishedApr 14

Latest updateMay 3

Description

A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox1.0.7

▶debiandebian/firefox< firefox 1.5 (sid)

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶debiandebian/thunderbird< firefox 1.5 (sid)

🔴Vulnerability Details

GHSA

GHSA-h8w2-9pxp-qpcc: A regression fix in Mozilla Firefox 1↗2022-05-03

▶

OSV

CVE-2006-1790: A regression fix in Mozilla Firefox 1↗2006-04-14

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-05-03

▶

Ubuntu

Mozilla vulnerabilities↗2006-04-28

▶

Ubuntu

Firefox vulnerabilities↗2006-04-20

▶

Red Hat

security flaw↗2006-04-14

▶

Debian

CVE-2006-1790: firefox - A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a den...↗2006

▶

💬Community

Bugzilla

CVE-2006-1790 security flaw↗2018-08-16

▶

Bugzilla

Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.)↗2006-04-22

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)↗2006-04-13

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)↗2006-04-13

▶

Bugzilla

CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)↗2006-04-13

▶