9.3

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Versionpreview_release
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.96% 0.933
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://secunia.com/advisories/22065
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.vupen.com/english/advisories/2006/3749
http://secunia.com/advisories/22066
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://secunia.com/advisories/20376
Patch
Vendor Advisory
http://secunia.com/advisories/21176
Vendor Advisory
http://secunia.com/advisories/21183
Vendor Advisory
http://secunia.com/advisories/21324
Vendor Advisory
http://securitytracker.com/id?1016202
Patch
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/bid/18228
http://www.vupen.com/english/advisories/2006/2106
http://secunia.com/advisories/21532
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://secunia.com/advisories/20382
Patch
Vendor Advisory
http://secunia.com/advisories/20561
Patch
Vendor Advisory
http://secunia.com/advisories/20709
http://secunia.com/advisories/21178
Vendor Advisory
http://secunia.com/advisories/21188
Vendor Advisory
http://secunia.com/advisories/21210
Vendor Advisory
http://secunia.com/advisories/21607
Vendor Advisory
http://securitytracker.com/id?1016214
Patch
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://www.us-cert.gov/cas/techalerts/TA06-153A.html
Patch
US Government Resource
https://usn.ubuntu.com/296-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/297-3/
https://usn.ubuntu.com/323-1/
http://rhn.redhat.com/errata/RHSA-2006-0609.html
Vendor Advisory
http://secunia.com/advisories/21134
Vendor Advisory
http://secunia.com/advisories/21269
Vendor Advisory
http://secunia.com/advisories/21270
Vendor Advisory
http://secunia.com/advisories/21336
Vendor Advisory
http://secunia.com/advisories/21631
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0578.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0594.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0610.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0611.html
Vendor Advisory
http://secunia.com/advisories/21634
Vendor Advisory
http://secunia.com/advisories/21654
Vendor Advisory
http://secunia.com/advisories/27216
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1
http://www.debian.org/security/2006/dsa-1159
http://www.debian.org/security/2006/dsa-1160
http://www.kb.cert.org/vuls/id/466673
US Government Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
http://www.vupen.com/english/advisories/2007/3488
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762