Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

Published

2006-06-02T19:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	0.8	Yes
Application	mozilla	firefox	0.9	Yes
Application	mozilla	firefox	0.9	Yes
Application	mozilla	firefox	0.9.1	Yes
Application	mozilla	firefox	0.9.2	Yes
Application	mozilla	firefox	0.9.3	Yes
Application	mozilla	firefox	0.10	Yes
Application	mozilla	firefox	0.10.1	Yes
Application	mozilla	firefox	1.0	Yes
Application	mozilla	firefox	1.0.1	Yes
Application	mozilla	firefox	1.0.2	Yes
Application	mozilla	firefox	1.0.3	Yes
Application	mozilla	firefox	1.0.4	Yes
Application	mozilla	firefox	1.0.5	Yes
Application	mozilla	firefox	1.0.6	Yes
Application	mozilla	firefox	1.0.7	Yes
Application	mozilla	firefox	1.0.8	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5.0.2	Yes
Application	mozilla	firefox	1.5.1	Yes
Application	mozilla	firefox	1.5.2	Yes
Application	mozilla	firefox	1.5.3	Yes
Application	mozilla	firefox	preview_release	Yes
Application	mozilla	thunderbird	0.6	Yes
Application	mozilla	thunderbird	0.7	Yes
Application	mozilla	thunderbird	0.7.1	Yes
Application	mozilla	thunderbird	0.7.2	Yes
Application	mozilla	thunderbird	0.7.3	Yes
Application	mozilla	thunderbird	0.8	Yes
Application	mozilla	thunderbird	0.9	Yes
Application	mozilla	thunderbird	1.0	Yes
Application	mozilla	thunderbird	1.0.1	Yes
Application	mozilla	thunderbird	1.0.2	Yes
Application	mozilla	thunderbird	1.0.5	Yes
Application	mozilla	thunderbird	1.0.6	Yes
Application	mozilla	thunderbird	1.0.7	Yes
Application	mozilla	thunderbird	1.0.8	Yes
Application	mozilla	thunderbird	1.5	Yes
Application	mozilla	thunderbird	1.5	Yes
Application	mozilla	thunderbird	1.5.1	Yes
Application	mozilla	thunderbird	1.5.2	Yes

References

http://rhn.redhat.com/errata/RHSA-2006-0609.html Vendor Advisory ([email protected])
http://secunia.com/advisories/20376 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20382 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20561 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20709 ([email protected])
http://secunia.com/advisories/21134 Vendor Advisory ([email protected])
http://secunia.com/advisories/21176 Vendor Advisory ([email protected])
http://secunia.com/advisories/21178 Vendor Advisory ([email protected])
http://secunia.com/advisories/21183 Vendor Advisory ([email protected])
http://secunia.com/advisories/21188 Vendor Advisory ([email protected])
http://secunia.com/advisories/21210 Vendor Advisory ([email protected])
http://secunia.com/advisories/21269 Vendor Advisory ([email protected])
http://secunia.com/advisories/21270 Vendor Advisory ([email protected])
http://secunia.com/advisories/21324 Vendor Advisory ([email protected])
http://secunia.com/advisories/21336 Vendor Advisory ([email protected])
http://secunia.com/advisories/21532 Vendor Advisory ([email protected])
http://secunia.com/advisories/21607 Vendor Advisory ([email protected])
http://secunia.com/advisories/21631 Vendor Advisory ([email protected])
http://secunia.com/advisories/21634 Vendor Advisory ([email protected])
http://secunia.com/advisories/21654 Vendor Advisory ([email protected])
http://secunia.com/advisories/22065 ([email protected])
http://secunia.com/advisories/22066 ([email protected])
http://secunia.com/advisories/27216 ([email protected])
http://securitytracker.com/id?1016202 Patch ([email protected])
http://securitytracker.com/id?1016214 Patch ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1 ([email protected])
http://www.debian.org/security/2006/dsa-1118 ([email protected])
http://www.debian.org/security/2006/dsa-1120 ([email protected])
http://www.debian.org/security/2006/dsa-1134 ([email protected])
http://www.debian.org/security/2006/dsa-1159 ([email protected])
http://www.debian.org/security/2006/dsa-1160 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml Patch, Vendor Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml ([email protected])
http://www.kb.cert.org/vuls/id/466673 US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 ([email protected])
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html ([email protected])
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0578.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0594.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0610.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0611.html Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/435795/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/446657/100/200/threaded ([email protected])
http://www.securityfocus.com/archive/1/446657/100/200/threaded ([email protected])
http://www.securityfocus.com/archive/1/446658/100/200/threaded ([email protected])
http://www.securityfocus.com/archive/1/446658/100/200/threaded ([email protected])
http://www.securityfocus.com/bid/18228 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA06-153A.html Patch, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2006/2106 ([email protected])
http://www.vupen.com/english/advisories/2006/3748 ([email protected])
http://www.vupen.com/english/advisories/2006/3749 ([email protected])
http://www.vupen.com/english/advisories/2007/3488 ([email protected])
http://www.vupen.com/english/advisories/2008/0083 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762 ([email protected])
https://usn.ubuntu.com/296-1/ ([email protected])
https://usn.ubuntu.com/296-2/ ([email protected])
https://usn.ubuntu.com/297-1/ ([email protected])
https://usn.ubuntu.com/297-3/ ([email protected])
https://usn.ubuntu.com/323-1/ ([email protected])
http://rhn.redhat.com/errata/RHSA-2006-0609.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20376 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20382 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20561 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20709 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21134 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21176 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21178 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21183 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21188 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21210 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21269 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21270 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21324 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21336 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21532 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21607 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21631 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21634 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21654 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22065 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22066 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27216 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016202 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016214 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1118 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1120 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1134 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1159 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1160 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/466673 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0578.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0594.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0610.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0611.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/435795/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446658/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446658/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/18228 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA06-153A.html Patch, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2106 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3748 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3749 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3488 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0083 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/296-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/296-2/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/297-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/297-3/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/323-1/ (af854a3a-2127-422b-91ae-364da2661108)