5.8

CVE-2006-0298

Exploit
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Updatebeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.71% 0.84
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/18700
Patch
Vendor Advisory
http://secunia.com/advisories/18704
Patch
Vendor Advisory
http://www.securityfocus.com/bid/16476
Patch
Exploit
http://www.vupen.com/english/advisories/2006/0413
Vendor Advisory
http://secunia.com/advisories/22065
Vendor Advisory
http://securitytracker.com/id?1015570
Patch
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.vupen.com/english/advisories/2006/3749
Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-07.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/24436
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A677