CVE-2006-2779Code Injection in Firefox

CWE-94Code Injection15 documents7 sources
Severity
9.3CRITICALNVD
EPSS
23.3%
top 4.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla ThunderbirdDebian FirefoxDebian Thunderbird+1 more
Timeline
PublishedJun 2
Latest updateMay 1

Description

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

Debianmozilla/thunderbird< 1.5.0.4-1+3
NVDmozilla/firefox22 versions+21
NVDmozilla/thunderbird17 versions+16
debiandebian/firefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)
debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.4-1 (sid)

Patches

Patch: secunia.comPatch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-4wfv-333g-2w8x: Mozilla Firefox and Thunderbird before 12022-05-01
OSV
CVE-2006-2779: Mozilla Firefox and Thunderbird before 12006-06-02

📋Vendor Advisories

7
Ubuntu
mozilla vulnerabilities2006-07-26
Ubuntu
Thunderbird vulnerabilities2006-07-26
Ubuntu
Firefox vulnerabilities2006-07-25
Ubuntu
Thunderbird vulnerabilities2006-06-14
Ubuntu
firefox vulnerabilities2006-06-09

💬Community

5
Bugzilla
CVE-2006-2779 security flaw2018-08-16
Bugzilla
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)2006-06-28
Bugzilla
CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)2006-06-14
Bugzilla
CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)2006-06-08
Bugzilla
CVE-2006-2779 multiple firefox DoS issues (CVE-2006-2780)2006-06-02