9.3

CVE-2006-6504

EPSS 41.55%
Veröffentlicht 20.12.2006 01:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 45

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version >= 1.5 < 1.5.0.9

Mozilla ≫ Firefox Version >= 2.0 < 2.0.0.1

Mozilla ≫ Seamonkey Version < 1.0.7

Canonical ≫ Ubuntu Linux Version5.10

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version6.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	41.55%	0.973

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.vupen.com/english/advisories/2008/0083

Third Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Broken Link

ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc

Broken Link

http://secunia.com/advisories/23514

Third Party Advisory

http://fedoranews.org/cms/node/2297

Broken Link

http://fedoranews.org/cms/node/2338

Broken Link

http://rhn.redhat.com/errata/RHSA-2006-0758.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2006-0759.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2006-0760.html

Third Party Advisory

http://secunia.com/advisories/23282

Third Party Advisory

http://secunia.com/advisories/23422

Third Party Advisory

http://secunia.com/advisories/23433

Third Party Advisory

http://secunia.com/advisories/23439

Third Party Advisory

http://secunia.com/advisories/23440

Third Party Advisory

http://secunia.com/advisories/23468

Third Party Advisory

http://secunia.com/advisories/23545

Third Party Advisory

http://secunia.com/advisories/23589

Third Party Advisory

http://secunia.com/advisories/23601

Third Party Advisory

http://secunia.com/advisories/23614

Third Party Advisory

http://secunia.com/advisories/23618

Third Party Advisory

http://secunia.com/advisories/23672

Third Party Advisory

http://secunia.com/advisories/23692

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200701-02.xml

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:010

Third Party Advisory

http://www.novell.com/linux/security/advisories/2006_80_mozilla.html

Broken Link

http://www.novell.com/linux/security/advisories/2007_06_mozilla.html

Broken Link

http://www.securityfocus.com/archive/1/455145/100/0/threaded

http://www.securityfocus.com/archive/1/455728/100/200/threaded

http://www.securityfocus.com/bid/21668

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-398-1

Third Party Advisory

http://www.ubuntu.com/usn/usn-398-2

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA06-354A.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2006/5068

Third Party Advisory

https://issues.rpath.com/browse/RPL-883

Broken Link

http://securitytracker.com/id?1017417

Third Party Advisory

VDB Entry

http://securitytracker.com/id?1017418

Third Party Advisory

VDB Entry

http://www.kb.cert.org/vuls/id/928956

Third Party Advisory

US Government Resource

http://www.mozilla.org/security/announce/2006/mfsa2006-73.html

Vendor Advisory

http://www.securityfocus.com/archive/1/454939/100/0/threaded

http://www.zerodayinitiative.com/advisories/ZDI-06-051.html

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2006-6504

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6504

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6504

EUVD