CVE-2006-6504 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection13 documents7 sources

Severity

9.3CRITICALNVD

EPSS

41.6%

top 2.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Debian Firefox +2 more

Timeline

PublishedDec 20

Latest updateMay 3

Description

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox1.5 — 1.5.0.9+1

▶NVDmozilla/seamonkey< 1.0.7

▶debiandebian/firefox< firefox 45.0-1 (sid)

▶debiandebian/firefox-esr< firefox 45.0-1 (sid)

Also affects: Ubuntu Linux 5.10, 6.06, 6.10

🔴Vulnerability Details

GHSA

GHSA-3gcx-69hx-4g6m: Mozilla Firefox 2↗2022-05-03

▶

OSV

CVE-2006-6504: Mozilla Firefox 2↗2006-12-20

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2007-01-27

▶

Ubuntu

Firefox vulnerabilities↗2007-01-03

▶

Ubuntu

Firefox vulnerabilities↗2007-01-03

▶

Red Hat

security flaw↗2006-12-19

▶

Debian

CVE-2006-6504: firefox - Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1...↗2006

▶

💬Community

Bugzilla

CVE-2006-6504 security flaw↗2018-08-16

▶

Bugzilla

seamonkey < 1.0.7 multiple vulnerabilities↗2006-12-21

▶

Bugzilla

CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)↗2006-12-14

▶

Bugzilla

CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)↗2006-12-14

▶

Bugzilla

CVE-2006-6497 Multiple Firefox issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)↗2006-12-14

▶