Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2788

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.

Published

2006-06-02T21:06:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	0.8	Yes
Application	mozilla	firefox	0.9	Yes
Application	mozilla	firefox	0.9	Yes
Application	mozilla	firefox	0.9.1	Yes
Application	mozilla	firefox	0.9.2	Yes
Application	mozilla	firefox	0.9.3	Yes
Application	mozilla	firefox	0.10	Yes
Application	mozilla	firefox	0.10.1	Yes
Application	mozilla	firefox	1.0	Yes
Application	mozilla	firefox	1.0.1	Yes
Application	mozilla	firefox	1.0.2	Yes
Application	mozilla	firefox	1.0.3	Yes
Application	mozilla	firefox	1.0.4	Yes
Application	mozilla	firefox	1.0.5	Yes
Application	mozilla	firefox	1.0.6	Yes
Application	mozilla	firefox	1.0.6	Yes
Application	mozilla	firefox	1.0.7	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5.0.1	Yes
Application	mozilla	firefox	1.5.0.2	Yes
Application	mozilla	firefox	1.5.0.3	Yes
Application	mozilla	firefox	preview_release	Yes

References

http://rhn.redhat.com/errata/RHSA-2006-0609.html ([email protected])
http://secunia.com/advisories/21269 Vendor Advisory ([email protected])
http://secunia.com/advisories/21270 Vendor Advisory ([email protected])
http://secunia.com/advisories/21336 Vendor Advisory ([email protected])
http://secunia.com/advisories/21532 Vendor Advisory ([email protected])
http://secunia.com/advisories/21631 Vendor Advisory ([email protected])
http://secunia.com/advisories/22247 Vendor Advisory ([email protected])
http://secunia.com/advisories/22299 Vendor Advisory ([email protected])
http://secunia.com/advisories/22342 Vendor Advisory ([email protected])
http://secunia.com/advisories/22849 Vendor Advisory ([email protected])
http://www.debian.org/security/2006/dsa-1192 ([email protected])
http://www.debian.org/security/2006/dsa-1210 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0578.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0594.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0610.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0611.html ([email protected])
http://www.ubuntu.com/usn/usn-361-1 ([email protected])
http://www.us.debian.org/security/2006/dsa-1191 ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=321598 Exploit, Patch ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11065 ([email protected])
https://usn.ubuntu.com/296-1/ ([email protected])
http://rhn.redhat.com/errata/RHSA-2006-0609.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21269 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21270 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21336 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21532 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21631 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22247 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22299 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22342 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22849 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1192 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1210 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0578.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0594.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0610.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0611.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-361-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us.debian.org/security/2006/dsa-1191 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=321598 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11065 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/296-1/ (af854a3a-2127-422b-91ae-364da2661108)