CVE-2006-6501
published 2006-12-20
CVE-2006-6501: Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote…
Priority P428 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
2.83%
84.9th percentile
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | >= 1.5 < 1.5.0.9 | 1.5.0.9 |
| mozilla | firefox | >= 2.0 < 2.0.0.1 | 2.0.0.1 |
| mozilla | seamonkey | < 1.0.7 | 1.0.7 |
| mozilla | thunderbird | < 1.5.0.9 | 1.5.0.9 |
CVSS provenance
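| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | HIGH | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |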
GHSA
GHSA-rm85-grxg-qm94: Unspecified vulnerability in Mozilla Firefox 2
ghsa_unreviewed·2022-05-03
CVE-2006-6501 [MEDIUM] GHSA-rm85-grxg-qm94: Unspecified vulnerability in Mozilla Firefox 2
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
OSV
CVE-2006-6501: Unspecified vulnerability in Mozilla Firefox 2
osv·2006-12-20·CVSS 6.8
CVE-2006-6501 [MEDIUM] CVE-2006-6501: Unspecified vulnerability in Mozilla Firefox 2
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
Ubuntu
Firefox regression
vendor_ubuntu·2007-01-27·CVSS 6.8
[MEDIUM] Firefox regression
Title: Firefox regression
Summary: Firefox regression
USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when
auto-filling saved-password login forms without a username field,
Firefox would crash. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)
Instructions: After a
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2007-01-05·CVSS 6.8
CVE-2006-6505 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
Georgi Guninski and David Bienvenu discovered that long Content-Type and
RFC2047-encoded headers were vulnerable to heap overflows. By tricking
the user into opening a specially crafted email, an attacker could
execute arbitrary code with user privileges. (CVE-2006-6506)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges or bypass internal XSS protections
by tricking the user into opening a malicious email containing
JavaScript. Please note that JavaScript is disabled by default for
emails, and it is not recommended to enable it. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503)
Instructions: After a standard system upgrade y
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-01-03·CVSS 6.8
CVE-2006-6504 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides
the corresponding updates for Firefox 1.5.
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)
Instructions: After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-01-03·CVSS 6.8
CVE-2006-6506 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503,
CVE-2006-6507)
Jared Breland discovered that the "Feed Preview" feature could leak
referrer information to remote servers. (CVE-2006-6506)
Instructions: After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-12-19·CVSS 6.8
CVE-2006-6501 [MEDIUM] security flaw
security flaw
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
Debian
CVE-2006-6501: firefox - Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1....
vendor_debian·2006·CVSS 6.8
CVE-2006-6501 [MEDIUM] CVE-2006-6501: firefox - Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1....
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
Scope: local
sid: resolved (fixed in 45.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-6501 security flaw
bugzilla·2018-08-16·CVSS 6.8
CVE-2006-6501 [MEDIUM] CVE-2006-6501 security flaw
CVE-2006-6501 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
Bugzilla
seamonkey < 1.0.7 multiple vulnerabilities
bugzilla·2006-12-21·CVSS 6.8
CVE-2006-6497 [MEDIUM] seamonkey < 1.0.7 multiple vulnerabilities
seamonkey < 1.0.7 multiple vulnerabilities
Vulnerabilities reported against seamonkey < 1.0.7:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6505
All FE4+ releases have < 1.0.7 at the moment.
By the way, seamonkey's CVS and package repository availability needs fixing,
the FC-5 branch in Extras CVS has been marked as dead with a comment that
seamonkey will be imported as a FC-5 (Core) update, b
Bugzilla
CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
bugzilla·2006-12-14·CVSS 6.8
CVE-2006-6497 [MEDIUM] CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
+++ This bug was initially created as a clone of Bug #219682 +++
The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:
mfsa2006-68
impact=moderate,source=mozilla,reported=20061212,public=20061219
As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
CVE-2006-6497
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
CVE-2
Bugzilla
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
bugzilla·2006-12-14·CVSS 6.8
CVE-2006-6497 [MEDIUM] CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
+++ This bug was initially created as a clone of Bug #219682 +++
The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:
mfsa2006-68
impact=critical,source=mozilla,reported=20061212,public=20061219
As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
CVE-2006-6497
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
CVE-200
Bugzilla
CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
bugzilla·2006-12-14·CVSS 6.8
CVE-2006-6497 [MEDIUM] CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:
mfsa2006-68
impact=critical,source=mozilla,reported=20061212,public=20061219
As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
CVE-2006-6497
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
CVE-2006-6498
Igor Bukanov, Jesse Ruderman and moz_bug_r_a4 reported potential memory
corr
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
http://fedoranews.org/cms/node/2297
http://fedoranews.org/cms/node/2338
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://rhn.redhat.com/errata/RHSA-2006-0758.html
http://rhn.redhat.com/errata/RHSA-2006-0759.html
http://rhn.redhat.com/errata/RHSA-2006-0760.html
http://secunia.com/advisories/23282
http://secunia.com/advisories/23420
http://secunia.com/advisories/23422
http://secunia.com/advisories/23433
http://secunia.com/advisories/23439
http://secunia.com/advisories/23440
http://secunia.com/advisories/23468
http://secunia.com/advisories/23514
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23591
http://secunia.com/advisories/23598
http://secunia.com/advisories/23601
http://secunia.com/advisories/23614
http://secunia.com/advisories/23618
http://secunia.com/advisories/23672
http://secunia.com/advisories/23692
http://secunia.com/advisories/23988
http://secunia.com/advisories/24078
http://secunia.com/advisories/24390
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://securitytracker.com/id?1017403
http://securitytracker.com/id?1017404
http://securitytracker.com/id?1017407
http://www.debian.org/security/2007/dsa-1253
http://www.debian.org/security/2007/dsa-1258
http://www.debian.org/security/2007/dsa-1265
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
http://www.kb.cert.org/vuls/id/263412
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.securityfocus.com/archive/1/455145/100/0/threaded
http://www.securityfocus.com/archive/1/455728/100/200/threaded
http://www.securityfocus.com/bid/21668
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.ubuntu.com/usn/usn-400-1
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2008/0083
https://issues.rpath.com/browse/RPL-883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746
2006-12-20
Published