CVE-2006-2779
published 2006-06-02CVE-2006-2779: Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested…
PriorityP333critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
6.96%
93.3th percentile
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg+1.5.0.4-1 (sid) | firefox 1.5.dfsg+1.5.0.4-1 (sid) |
| debian | thunderbird | < firefox 1.5.dfsg+1.5.0.4-1 (sid) | firefox 1.5.dfsg+1.5.0.4-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | thunderbird | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3HIGH
vendor_redhat9.3CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
mozilla vulnerabilities
vendor_ubuntu·2006-07-26·CVSS 4.3
CVE-2006-2775 [MEDIUM] mozilla vulnerabilities
Title: mozilla vulnerabilities
Summary: mozilla vulnerabilities
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,
CVE-2006-2777)
Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
f
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-07-26·CVSS 7.5
CVE-2006-2775 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
USN-297-1 fixed several vulnerabilities in Thunderbird for the Ubuntu
6.06 LTS release. This update provides the corresponding fixes for
Ubuntu 5.04 and Ubuntu 5.10.
For reference, these are the details of the original USN:
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web
script with full user privileges (MFSA 2006-37, CVE-2006-2776).
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2006-07-25·CVSS 4.3
CVE-2006-2775 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06
LTS release. This update provides the corresponding fixes for Ubuntu
5.04 and Ubuntu 5.10.
For reference, these are the details of the original USN:
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
at
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-06-14·CVSS 7.5
CVE-2006-2775 [HIGH] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776).
Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
function. By sending an email with malicious JavaScript to an user,
and that user enabled JavaScript in Thunderbird (which is not the
default and not recomm
Ubuntu
firefox vulnerabilities
vendor_ubuntu·2006-06-09·CVSS 7.5
CVE-2006-2775 [HIGH] firefox vulnerabilities
Title: firefox vulnerabilities
Summary: firefox vulnerabilities
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,
CVE-2006-2777)
Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
f
Red Hat
security flaw
vendor_redhat·2006-06-02·CVSS 9.3
CVE-2006-2779 [CRITICAL] security flaw
security flaw
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Debian
CVE-2006-2779: firefox - Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a...
vendor_debian·2006·CVSS 9.3
CVE-2006-2779 [CRITICAL] CVE-2006-2779: firefox - Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a...
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
GHSA
GHSA-4wfv-333g-2w8x: Mozilla Firefox and Thunderbird before 1
ghsa_unreviewed·2022-05-01
CVE-2006-2779 [HIGH] CWE-94 GHSA-4wfv-333g-2w8x: Mozilla Firefox and Thunderbird before 1
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
OSV
CVE-2006-2779: Mozilla Firefox and Thunderbird before 1
osv·2006-06-02·CVSS 9.3
CVE-2006-2779 [CRITICAL] CVE-2006-2779: Mozilla Firefox and Thunderbird before 1
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-2779 security flaw
bugzilla·2018-08-16·CVSS 9.3
CVE-2006-2779 [CRITICAL] CVE-2006-2779 security flaw
CVE-2006-2779 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Bugzilla
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
bugzilla·2006-06-28·CVSS 7.5
CVE-2006-2779 [HIGH] CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
+++ This bug was initially created as a clone of Bug #196973 +++
These issues will remain unfixed in Thunderbird until we upgrade to Thunderbird
1.5. They are not additional issues, simply problems which are fixed as part of
the upgrade.
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Thunderbird processes certain javascript
actions. A malicious HTML mail could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the mail to steal
sensiti
Bugzilla
CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)
bugzilla·2006-06-14·CVSS 9.3
CVE-2006-2779 [CRITICAL] CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)
CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)
This was originally bug 194617, until Bugzilla barfed yesterday. Entering
it again...
Summary: CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781,
CVE-2006-2788)
Product: Fedora Core
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: urgent
Priority: normal
Component: firefox
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected],[email protected]
This issue also affects Fedora Core 5. A lot of the problems fixed in 1.5.0.4
don't seem that severe, but a few of these are serious enough to at least turn
some heads. And it's been public for a quite a while now.
+++ This bug was initially created as a clone of Bug #193906 +++
Text stolen from MITRE:
CVE-2006-2781
Double-free
Bugzilla
CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
bugzilla·2006-06-08·CVSS 9.3
CVE-2006-2779 [CRITICAL] CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
+++ This bug was initially created as a clone of Bug #193906 +++
Text stolen from MITRE:
CVE-2006-2781
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and
SeaMonkey before 1.0.2 allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code via a VCard that
contains invalid base64 characters.
CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, (6) an iframe that
attempts to remove itself, which leads to m
Bugzilla
CVE-2006-2779 multiple firefox DoS issues (CVE-2006-2780)
bugzilla·2006-06-02·CVSS 9.3
CVE-2006-2779 [CRITICAL] CVE-2006-2779 multiple firefox DoS issues (CVE-2006-2780)
CVE-2006-2779 multiple firefox DoS issues (CVE-2006-2780)
Text taken from the CVE id:
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via (1) nested tags in a select tag, (2) a
DOMNodeRemoved mutation event, (3) "Content-implemented tree views,"
(4) BoxObjects, (5) the XBL implementation, (6) an iframe that
attempts to remove itself, which leads to memory corruption.
Discussion:
------- Additional Comments From [email protected] 2006-06-09 10:31 EST -------
This is a dupe of bug #193906, yeah? (Technically that one was filed an hour
later, but contains more information, unless I'm overlooking something.)
---
(Well, except this one is for RHEL4.)
---
CVE-2006-2780
Integer overflow in Mozil
http://rhn.redhat.com/errata/RHSA-2006-0609.htmlhttp://secunia.com/advisories/20376http://secunia.com/advisories/20382http://secunia.com/advisories/20561http://secunia.com/advisories/20709http://secunia.com/advisories/21134http://secunia.com/advisories/21176http://secunia.com/advisories/21178http://secunia.com/advisories/21183http://secunia.com/advisories/21188http://secunia.com/advisories/21210http://secunia.com/advisories/21269http://secunia.com/advisories/21270http://secunia.com/advisories/21324http://secunia.com/advisories/21336http://secunia.com/advisories/21532http://secunia.com/advisories/21607http://secunia.com/advisories/21631http://secunia.com/advisories/21634http://secunia.com/advisories/21654http://secunia.com/advisories/22065http://secunia.com/advisories/22066http://secunia.com/advisories/27216http://securitytracker.com/id?1016202http://securitytracker.com/id?1016214http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1http://www.debian.org/security/2006/dsa-1118http://www.debian.org/security/2006/dsa-1120http://www.debian.org/security/2006/dsa-1134http://www.debian.org/security/2006/dsa-1159http://www.debian.org/security/2006/dsa-1160http://www.gentoo.org/security/en/glsa/glsa-200606-12.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200606-21.xmlhttp://www.kb.cert.org/vuls/id/466673http://www.mandriva.com/security/advisories?name=MDKSA-2006:143http://www.mandriva.com/security/advisories?name=MDKSA-2006:145http://www.mandriva.com/security/advisories?name=MDKSA-2006:146http://www.mozilla.org/security/announce/2006/mfsa2006-32.htmlhttp://www.novell.com/linux/security/advisories/2006_35_mozilla.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0578.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0594.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0610.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0611.htmlhttp://www.securityfocus.com/archive/1/435795/100/0/threadedhttp://www.securityfocus.com/archive/1/446657/100/200/threadedhttp://www.securityfocus.com/archive/1/446658/100/200/threadedhttp://www.securityfocus.com/bid/18228http://www.us-cert.gov/cas/techalerts/TA06-153A.htmlhttp://www.vupen.com/english/advisories/2006/2106http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2006/3749http://www.vupen.com/english/advisories/2007/3488http://www.vupen.com/english/advisories/2008/0083https://exchange.xforce.ibmcloud.com/vulnerabilities/26843https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762https://usn.ubuntu.com/296-1/https://usn.ubuntu.com/296-2/https://usn.ubuntu.com/297-1/https://usn.ubuntu.com/297-3/https://usn.ubuntu.com/323-1/http://rhn.redhat.com/errata/RHSA-2006-0609.htmlhttp://secunia.com/advisories/20376http://secunia.com/advisories/20382http://secunia.com/advisories/20561http://secunia.com/advisories/20709http://secunia.com/advisories/21134http://secunia.com/advisories/21176http://secunia.com/advisories/21178http://secunia.com/advisories/21183http://secunia.com/advisories/21188http://secunia.com/advisories/21210http://secunia.com/advisories/21269http://secunia.com/advisories/21270http://secunia.com/advisories/21324http://secunia.com/advisories/21336http://secunia.com/advisories/21532http://secunia.com/advisories/21607http://secunia.com/advisories/21631http://secunia.com/advisories/21634http://secunia.com/advisories/21654http://secunia.com/advisories/22065http://secunia.com/advisories/22066http://secunia.com/advisories/27216http://securitytracker.com/id?1016202http://securitytracker.com/id?1016214http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1http://www.debian.org/security/2006/dsa-1118http://www.debian.org/security/2006/dsa-1120http://www.debian.org/security/2006/dsa-1134http://www.debian.org/security/2006/dsa-1159http://www.debian.org/security/2006/dsa-1160http://www.gentoo.org/security/en/glsa/glsa-200606-12.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200606-21.xmlhttp://www.kb.cert.org/vuls/id/466673http://www.mandriva.com/security/advisories?name=MDKSA-2006:143http://www.mandriva.com/security/advisories?name=MDKSA-2006:145http://www.mandriva.com/security/advisories?name=MDKSA-2006:146http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
+ 22 more references
2006-06-02
Published