Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2006-4565

Published: 15/09/2006 Updated: 17/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mozilla

Vulnerability Summary

Heap-based buffer overflow in Mozilla Firefox prior to 1.5.0.7, Thunderbird prior to 1.5.0.7, and SeaMonkey prior to 1.0.5 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird

mozilla firefox

mozilla seamonkey

Vendor Advisories

Debian Security Advisories: DSA-1210-1 mozilla-firefox -- several vulnerabilities
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of serv ...
Debian Security Advisories: DSA-1192-1 mozilla -- several vulnerabilities
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of ...
Ubuntu Security Notice: firefox vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571) ...
Ubuntu Security Notice: mozilla vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571) ...
Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
This update upgrades Thunderbird from 108 to 1507 This step was necessary since the 10x series is not supported by upstream any more ...
Ubuntu Security Notice: mozilla-thunderbird vulnerabilities
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571) ...
Mozilla: JavaScript Regular Expression Heap Corruption
Mozilla Foundation Security Advisory 2006-57 JavaScript Regular Expression Heap Corruption Announced September 14, 2006 Reporter Priit Laes, CanadianGuy, Girts Folkmanis, Catalin Patulea Impact Critical Products Firefox, SeaM ...

References

CWE-119http://www.mozilla.org/security/announce/2006/mfsa2006-57.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0676.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0677.htmlhttp://secunia.com/advisories/21906http://secunia.com/advisories/21949http://www.redhat.com/support/errata/RHSA-2006-0675.htmlhttp://www.securityfocus.com/bid/20042http://securitytracker.com/id?1016846http://securitytracker.com/id?1016847http://securitytracker.com/id?1016848http://secunia.com/advisories/21915http://secunia.com/advisories/21916http://secunia.com/advisories/21939http://secunia.com/advisories/21940http://secunia.com/advisories/21950ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.aschttp://www.ubuntu.com/usn/usn-350-1http://secunia.com/advisories/22036http://secunia.com/advisories/22001http://security.gentoo.org/glsa/glsa-200609-19.xmlhttp://www.novell.com/linux/security/advisories/2006_54_mozilla.htmlhttp://www.ubuntu.com/usn/usn-351-1http://www.ubuntu.com/usn/usn-352-1http://www.ubuntu.com/usn/usn-354-1http://secunia.com/advisories/22025http://secunia.com/advisories/22055http://secunia.com/advisories/22074http://secunia.com/advisories/22088http://www.us.debian.org/security/2006/dsa-1191http://security.gentoo.org/glsa/glsa-200610-01.xmlhttp://secunia.com/advisories/22210http://secunia.com/advisories/22247http://secunia.com/advisories/22274http://support.avaya.com/elmodocs2/security/ASA-2006-224.htmhttp://www.debian.org/security/2006/dsa-1192http://security.gentoo.org/glsa/glsa-200610-04.xmlhttp://www.ubuntu.com/usn/usn-361-1http://secunia.com/advisories/22299http://secunia.com/advisories/22342http://secunia.com/advisories/22391http://secunia.com/advisories/22422http://www.debian.org/security/2006/dsa-1210http://secunia.com/advisories/22849http://secunia.com/advisories/22056http://secunia.com/advisories/22195https://issues.rpath.com/browse/RPL-640http://secunia.com/advisories/24711http://www.mandriva.com/security/advisories?name=MDKSA-2006:168http://www.mandriva.com/security/advisories?name=MDKSA-2006:169http://secunia.com/advisories/22066http://www.vupen.com/english/advisories/2006/3617http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2007/1198http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742http://www.vupen.com/english/advisories/2008/0083https://exchange.xforce.ibmcloud.com/vulnerabilities/28955https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421http://www.securityfocus.com/archive/1/446140/100/0/threadedhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-1210https://usn.ubuntu.com/351-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook