Published: 27/07/2006 Updated: 17/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Firefox

Multiple vulnerabilities in Mozilla Firefox prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3 allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 1.5.0.4
mozilla seamonkey 1.0
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.4
mozilla firefox 1.5
mozilla firefox 1.5.0.1
mozilla thunderbird 1.5
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006 ...

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571) ...

This update upgrades Thunderbird from 108 to 1507 This step was necessary since the 10x series is not supported by upstream any more ...

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812) ...

Mozilla Foundation Security Advisory 2006-55 Crashes with evidence of memory corruption (rv:1805) Announced July 25, 2006 Reporter Mozilla Developers Impact Critical Products Firefox, SeaMonkey, Thunderbird Fixed in ...

NVD-CWE-Other http://www.mozilla.org/security/announce/2006/mfsa2006-55.html http://www.kb.cert.org/vuls/id/527676 https://issues.rpath.com/browse/RPL-536 http://www.securityfocus.com/bid/19181 http://securitytracker.com/id?1016586 http://securitytracker.com/id?1016587 http://securitytracker.com/id?1016588 http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://www.redhat.com/support/errata/RHSA-2006-0608.html http://www.us-cert.gov/cas/techalerts/TA06-208A.html http://secunia.com/advisories/21246 http://www.redhat.com/support/errata/RHSA-2006-0610.html http://www.redhat.com/support/errata/RHSA-2006-0611.html http://secunia.com/advisories/21243 http://secunia.com/advisories/21269 http://secunia.com/advisories/21270 http://secunia.com/advisories/21275 http://security.gentoo.org/glsa/glsa-200608-02.xml http://security.gentoo.org/glsa/glsa-200608-04.xml http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/21336 http://secunia.com/advisories/21358 http://secunia.com/advisories/21361 http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml https://issues.rpath.com/browse/RPL-537 ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21343 http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html http://secunia.com/advisories/21529 http://secunia.com/advisories/21532 http://secunia.com/advisories/21607 http://www.redhat.com/support/errata/RHSA-2006-0594.html http://secunia.com/advisories/21631 http://www.debian.org/security/2006/dsa-1161 http://secunia.com/advisories/21675 http://www.ubuntu.com/usn/usn-350-1 http://www.ubuntu.com/usn/usn-354-1 http://secunia.com/advisories/22055 http://secunia.com/advisories/22210 http://www.ubuntu.com/usn/usn-361-1 http://secunia.com/advisories/22342 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1 http://secunia.com/advisories/22065 http://secunia.com/advisories/22066 http://secunia.com/advisories/25839 http://www.vupen.com/english/advisories/2006/3749 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2007/2350 http://www.vupen.com/english/advisories/2008/0083 http://www.vupen.com/english/advisories/2006/2998 https://exchange.xforce.ibmcloud.com/vulnerabilities/27992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9934 https://usn.ubuntu.com/329-1/https://usn.ubuntu.com/327-1/http://www.securityfocus.com/archive/1/446658/100/200/threaded http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/archive/1/441333/100/0/threaded https://nvd.nist.gov https://usn.ubuntu.com/329-1/https://www.kb.cert.org/vuls/id/527676

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook