CVE-2006-6504
published 2006-12-20CVE-2006-6504: Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG…
PriorityP340critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
8.60%
94.4th percentile
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | >= 1.5 < 1.5.0.9 | 1.5.0.9 |
| mozilla | firefox | >= 2.0 < 2.0.0.1 | 2.0.0.1 |
| mozilla | seamonkey | < 1.0.7 | 1.0.7 |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3HIGH
vendor_redhat9.3CRITICAL
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox regression
vendor_ubuntu·2007-01-27·CVSS 6.8
[MEDIUM] Firefox regression
Title: Firefox regression
Summary: Firefox regression
USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when
auto-filling saved-password login forms without a username field,
Firefox would crash. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)
Instructions: After a
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-01-03·CVSS 6.8
CVE-2006-6504 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides
the corresponding updates for Firefox 1.5.
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)
Instructions: After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2007-01-03·CVSS 6.8
CVE-2006-6506 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)
Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503,
CVE-2006-6507)
Jared Breland discovered that the "Feed Preview" feature could leak
referrer information to remote servers. (CVE-2006-6506)
Instructions: After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-12-19·CVSS 9.3
CVE-2006-6504 [CRITICAL] security flaw
security flaw
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Debian
CVE-2006-6504: firefox - Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1...
vendor_debian·2006·CVSS 9.3
CVE-2006-6504 [CRITICAL] CVE-2006-6504: firefox - Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1...
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Scope: local
sid: resolved (fixed in 45.0-1)
GHSA
GHSA-3gcx-69hx-4g6m: Mozilla Firefox 2
ghsa_unreviewed·2022-05-03
CVE-2006-6504 [HIGH] CWE-94 GHSA-3gcx-69hx-4g6m: Mozilla Firefox 2
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
OSV
CVE-2006-6504: Mozilla Firefox 2
osv·2006-12-20·CVSS 9.3
CVE-2006-6504 [CRITICAL] CVE-2006-6504: Mozilla Firefox 2
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-6504 security flaw
bugzilla·2018-08-16·CVSS 9.3
CVE-2006-6504 [CRITICAL] CVE-2006-6504 security flaw
CVE-2006-6504 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Bugzilla
seamonkey < 1.0.7 multiple vulnerabilities
bugzilla·2006-12-21·CVSS 6.8
CVE-2006-6497 [MEDIUM] seamonkey < 1.0.7 multiple vulnerabilities
seamonkey < 1.0.7 multiple vulnerabilities
Vulnerabilities reported against seamonkey < 1.0.7:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6505
All FE4+ releases have < 1.0.7 at the moment.
By the way, seamonkey's CVS and package repository availability needs fixing,
the FC-5 branch in Extras CVS has been marked as dead with a comment that
seamonkey will be imported as a FC-5 (Core) update, b
Bugzilla
CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
bugzilla·2006-12-14·CVSS 6.8
CVE-2006-6497 [MEDIUM] CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
+++ This bug was initially created as a clone of Bug #219682 +++
The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:
mfsa2006-68
impact=moderate,source=mozilla,reported=20061212,public=20061219
As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
CVE-2006-6497
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
CVE-2
Bugzilla
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
bugzilla·2006-12-14·CVSS 6.8
CVE-2006-6497 [MEDIUM] CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
+++ This bug was initially created as a clone of Bug #219682 +++
The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:
mfsa2006-68
impact=critical,source=mozilla,reported=20061212,public=20061219
As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
CVE-2006-6497
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
CVE-200
Bugzilla
CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
bugzilla·2006-12-14·CVSS 6.8
CVE-2006-6497 [MEDIUM] CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)
The Mozilla project is releasing Firefox 1.5.0.9 to fix several flaws:
mfsa2006-68
impact=critical,source=mozilla,reported=20061212,public=20061219
As part of the Firefox 2.0.0.1 and 1.5.0.9 update releases we fixed several
bugs to improve the stability of the product. Some of these were crashes
that showed evidence of memory corruption and we presume that at least some
of these could be exploited to run arbitrary code with enough effort.
CVE-2006-6497
Andrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and
Vladimir Vukicevic reported crashes in the layout engine
CVE-2006-6498
Igor Bukanov, Jesse Ruderman and moz_bug_r_a4 reported potential memory
corr
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.aschttp://fedoranews.org/cms/node/2297http://fedoranews.org/cms/node/2338http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://rhn.redhat.com/errata/RHSA-2006-0758.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0759.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0760.htmlhttp://secunia.com/advisories/23282http://secunia.com/advisories/23422http://secunia.com/advisories/23433http://secunia.com/advisories/23439http://secunia.com/advisories/23440http://secunia.com/advisories/23468http://secunia.com/advisories/23514http://secunia.com/advisories/23545http://secunia.com/advisories/23589http://secunia.com/advisories/23601http://secunia.com/advisories/23614http://secunia.com/advisories/23618http://secunia.com/advisories/23672http://secunia.com/advisories/23692http://security.gentoo.org/glsa/glsa-200701-02.xmlhttp://securitytracker.com/id?1017417http://securitytracker.com/id?1017418http://www.gentoo.org/security/en/glsa/glsa-200701-04.xmlhttp://www.kb.cert.org/vuls/id/928956http://www.mandriva.com/security/advisories?name=MDKSA-2007:010http://www.mozilla.org/security/announce/2006/mfsa2006-73.htmlhttp://www.novell.com/linux/security/advisories/2006_80_mozilla.htmlhttp://www.novell.com/linux/security/advisories/2007_06_mozilla.htmlhttp://www.securityfocus.com/archive/1/454939/100/0/threadedhttp://www.securityfocus.com/archive/1/455145/100/0/threadedhttp://www.securityfocus.com/archive/1/455728/100/200/threadedhttp://www.securityfocus.com/bid/21668http://www.ubuntu.com/usn/usn-398-1http://www.ubuntu.com/usn/usn-398-2http://www.us-cert.gov/cas/techalerts/TA06-354A.htmlhttp://www.vupen.com/english/advisories/2006/5068http://www.vupen.com/english/advisories/2008/0083http://www.zerodayinitiative.com/advisories/ZDI-06-051.htmlhttps://issues.rpath.com/browse/RPL-883https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.aschttp://fedoranews.org/cms/node/2297http://fedoranews.org/cms/node/2338http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://rhn.redhat.com/errata/RHSA-2006-0758.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0759.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0760.htmlhttp://secunia.com/advisories/23282http://secunia.com/advisories/23422http://secunia.com/advisories/23433http://secunia.com/advisories/23439http://secunia.com/advisories/23440http://secunia.com/advisories/23468http://secunia.com/advisories/23514http://secunia.com/advisories/23545http://secunia.com/advisories/23589http://secunia.com/advisories/23601http://secunia.com/advisories/23614http://secunia.com/advisories/23618http://secunia.com/advisories/23672http://secunia.com/advisories/23692http://security.gentoo.org/glsa/glsa-200701-02.xmlhttp://securitytracker.com/id?1017417http://securitytracker.com/id?1017418http://www.gentoo.org/security/en/glsa/glsa-200701-04.xmlhttp://www.kb.cert.org/vuls/id/928956http://www.mandriva.com/security/advisories?name=MDKSA-2007:010http://www.mozilla.org/security/announce/2006/mfsa2006-73.htmlhttp://www.novell.com/linux/security/advisories/2006_80_mozilla.htmlhttp://www.novell.com/linux/security/advisories/2007_06_mozilla.htmlhttp://www.securityfocus.com/archive/1/454939/100/0/threadedhttp://www.securityfocus.com/archive/1/455145/100/0/threadedhttp://www.securityfocus.com/archive/1/455728/100/200/threadedhttp://www.securityfocus.com/bid/21668http://www.ubuntu.com/usn/usn-398-1http://www.ubuntu.com/usn/usn-398-2http://www.us-cert.gov/cas/techalerts/TA06-354A.htmlhttp://www.vupen.com/english/advisories/2006/5068http://www.vupen.com/english/advisories/2008/0083http://www.zerodayinitiative.com/advisories/ZDI-06-051.htmlhttps://issues.rpath.com/browse/RPL-883https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077
2006-12-20
Published