CVE-2006-6500 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

37.5%

top 2.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +3 more

Timeline

PublishedDec 20

Latest updateMay 1

Description

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDmozilla/firefox1.5 — 1.5.0.9+1

▶NVDmozilla/seamonkey< 1.0.7

▶NVDmozilla/thunderbird< 1.5.0.9

▶debiandebian/firefox

Also affects: Debian Linux 3.1, 4.0, Ubuntu Linux 5.10, 6.06, 6.10

🔴Vulnerability Details

GHSA

GHSA-59wr-4mm2-55f2: Heap-based buffer overflow in Mozilla Firefox 2↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2006-6500: firefox - Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1...↗2006

▶

💬Community

Bugzilla

seamonkey < 1.0.7 multiple vulnerabilities↗2006-12-21

▶