CVE-2006-5464
Published 2006-11-08
CVE-2006-5464: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow…
Priority: P4 · 15 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.29% (89.9th percentile)
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
CVSS provenance
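| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |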
VulDB
Mozilla Firefox up to 1.5.0.7 Javascript Layout Engine denial of service (MFSA2006-65 / VU#495288)
vuldb·2026-04-27·CVSS 5.0
CVE-2006-5464 [MEDIUM] Mozilla Firefox up to 1.5.0.7 Javascript Layout Engine denial of service (MFSA2006-65 / VU#495288)
A vulnerability was found in Mozilla Firefox up to 1.5.0.7 and classified as critical. This affects an unknown part of the component Javascript Layout Engine. The manipulation results in denial of service.
This vulnerability is cataloged as CVE-2006-5464. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-6w9g-5797-3mxw: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1
ghsa_unreviewed·2022-05-03
CVE-2006-5464 [MEDIUM] GHSA-6w9g-5797-3mxw: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
OSV
CVE-2006-5464: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1
osv·2006-11-08·CVSS 5.0
CVE-2006-5464 [MEDIUM] CVE-2006-5464: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2006-11-21·CVSS 6.4
CVE-2006-5462 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript. (CVE-2006-5463,
CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Instructions: After a standard system upgrade you need to restart Firefox to
effect the necessary changes.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-11-21·CVSS 6.4
CVE-2006-5462 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
malicious email containing JavaScript. Please note that JavaScript is
disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Instructions: After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-11-08·CVSS 5.0
CVE-2006-5464 [MEDIUM] security flaw
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
Debian
CVE-2006-5464: firefox - Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox bef...
vendor_debian·2006·CVSS 5.0
CVE-2006-5464 [MEDIUM] CVE-2006-5464: firefox - Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox bef...
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
Scope: local
sid: resolved (fixed in 45.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-5464 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2006-5464 [MEDIUM] CVE-2006-5464 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
Bugzilla
seamonkey < 1.0.6 multiple vulnerabilities
bugzilla·2006-11-09·CVSS 7.5
CVE-2006-5463 [HIGH] seamonkey < 1.0.6 multiple vulnerabilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5748
Discussion:
fixed in Extras for FC6 and Rawhide
Bugzilla
CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
+++ This bug was initially created as a clone of Bug #214445 +++
The Mozilla project is releasing Thunderbird 1.5.0.8 to fix a number of security
flaws (Text taken from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remaine
Bugzilla
CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
The Mozilla project is releasing Firefox 1.5.0.8 to fix a number of security
flaws (Text taken from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a variant of
this attack.
mfsa2006-67
CVE-2006-5463
impac
Bugzilla
CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
+++ This bug was initially created as a clone of Bug #214445 +++
Seamonkey 1.0.6 is being released to fix a number of security flaws (Text taken
from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a var
Published: 2006-11-08