cbcvebase.
CVE-2006-6504
published 2006-12-20

CVE-2006-6504: Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG…

PriorityP340critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
8.60%
94.4th percentile
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

Affected

8 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianfirefox< firefox 45.0-1 (sid)firefox 45.0-1 (sid)
debianfirefox-esr< firefox 45.0-1 (sid)firefox 45.0-1 (sid)
mozillafirefox>= 1.5 < 1.5.0.91.5.0.9
mozillafirefox>= 2.0 < 2.0.0.12.0.0.1
mozillaseamonkey< 1.0.71.0.7

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3HIGH
vendor_redhat9.3CRITICAL
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.