CVE-2006-6502Firefox vulnerability

15 documents8 sources
Severity
7.1HIGHNVD
EPSS
25.7%
top 3.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian FirefoxDebian Firefox-esrMozilla Firefox+2 more
Timeline
PublishedDec 20
Latest updateMay 3

Description

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages5 packages

NVDmozilla/firefox10 versions+9
NVDmozilla/seamonkey7 versions+6
NVDmozilla/thunderbird29 versions+28
debiandebian/firefox< firefox 45.0-1 (sid)
debiandebian/firefox-esr< firefox 45.0-1 (sid)

🔴Vulnerability Details

2
GHSA
GHSA-2mcv-r2jw-5qxh: Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 22022-05-03
OSV
CVE-2006-6502: Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 22006-12-20

💥Exploits & PoCs

1
Exploit-DB
CA BrightStor ARCserve - 'tapeeng.exe' Remote Buffer Overflow2007-01-05

📋Vendor Advisories

6
Ubuntu
Firefox regression2007-01-27
Ubuntu
Thunderbird vulnerabilities2007-01-05
Ubuntu
Firefox vulnerabilities2007-01-03
Ubuntu
Firefox vulnerabilities2007-01-03
Red Hat
security flaw2006-12-19

💬Community

5
Bugzilla
CVE-2006-6502 security flaw2018-08-16
Bugzilla
seamonkey < 1.0.7 multiple vulnerabilities2006-12-21
Bugzilla
CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)2006-12-14
Bugzilla
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)2006-12-14
Bugzilla
CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)2006-12-14