Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4310 — Improper Input Validation in Firefox

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

15.8%

top 5.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Firefox Debian Firefox-esr Mozilla Firefox

Timeline

PublishedAug 23

Latest updateMay 1

Description

Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox1.5.0.6

▶debiandebian/firefox< firefox 45.0-1 (sid)

▶debiandebian/firefox-esr< firefox 45.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-39vq-3f5w-q742: Mozilla Firefox 1↗2022-05-01

▶

OSV

CVE-2006-4310: Mozilla Firefox 1↗2006-08-23

▶

💥Exploits & PoCs

Exploit-DB

Novell Identity Manager - Arbitrary Command Execution↗2006-08-18

▶

📋Vendor Advisories

Debian

CVE-2006-4310: firefox - Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (cr...↗2006

▶

Red Hat

CVE-2006-4310: Mozilla Firefox 1↗

▶