CVE-2006-2780 — Code Injection in Firefox

CWE-94 — Code Injection13 documents7 sources

Severity

9.3CRITICALNVD

EPSS

26.5%

top 3.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +1 more

Timeline

PublishedJun 2

Latest updateMay 1

Description

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶Debianmozilla/thunderbird< 1.5.0.4-1+3

▶NVDmozilla/firefox1.5.0.3

▶NVDmozilla/thunderbird1.5.0.3

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.4-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-phw8-gjhm-gpw8: Integer overflow in Mozilla Firefox and Thunderbird before 1↗2022-05-01

▶

OSV

CVE-2006-2780: Integer overflow in Mozilla Firefox and Thunderbird before 1↗2006-06-02

▶

📋Vendor Advisories

Ubuntu

mozilla vulnerabilities↗2006-07-26

▶

Ubuntu

Thunderbird vulnerabilities↗2006-07-26

▶

Ubuntu

Firefox vulnerabilities↗2006-07-25

▶

Ubuntu

Thunderbird vulnerabilities↗2006-06-14

▶

Ubuntu

firefox vulnerabilities↗2006-06-09

▶

💬Community

Bugzilla

CVE-2006-2780 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)↗2006-06-28

▶

Bugzilla

CVE-2006-2779 multiple firefox DoS issues (CVE-2006-2780)↗2006-06-02

▶