CVE-2006-2781Improper Restriction of Operations within the Bounds of a Memory Buffer in Thunderbird

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
6.4MEDIUMNVD
EPSS
7.2%
top 8.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla ThunderbirdDebian ThunderbirdMozilla Seamonkey
Timeline
PublishedJun 2
Latest updateMay 1

Description

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

Debianmozilla/thunderbird< 1.5.0.4-1+3
NVDmozilla/thunderbird1.5.0.3
debiandebian/thunderbird< thunderbird 1.5.0.4-1 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-59hc-56j6-9j87: Double free vulnerability in nsVCard2022-05-01
OSV
CVE-2006-2781: Double free vulnerability in nsVCard2006-06-02

📋Vendor Advisories

5
Ubuntu
mozilla vulnerabilities2006-07-26
Ubuntu
Thunderbird vulnerabilities2006-07-26
Ubuntu
Thunderbird vulnerabilities2006-06-14
Red Hat
(seamonkey): DOS/arbitrary code execution vuln with vcards2006-06-02
Debian
CVE-2006-2781: thunderbird - Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 a...2006

💬Community

4
Bugzilla
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)2006-06-28
Bugzilla
CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2781, CVE-2006-2788)2006-06-14
Bugzilla
CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)2006-06-08
Bugzilla
CVE-2006-2781 (seamonkey): DOS/arbitrary code execution vuln with vcards2006-06-03