cbcvebase.
CVE-2006-6503
published 2006-12-20

CVE-2006-6503: Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site…

PriorityP419medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.97%
89.2th percentile
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

Affected

11 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianfirefox< firefox 45.0-1 (sid)firefox 45.0-1 (sid)
debianfirefox-esr< firefox 45.0-1 (sid)firefox 45.0-1 (sid)
mozillafirefox>= 1.5 < 1.5.0.91.5.0.9
mozillafirefox>= 2.0 < 2.0.0.12.0.0.1
mozillaseamonkey< 1.0.71.0.7
mozillathunderbird< 1.5.0.91.5.0.9

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8HIGH
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.