CVE-2006-1730

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

nteger overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

References

Link	Resource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631	Patch Vendor Advisory
http://secunia.com/advisories/19649	Patch Vendor Advisory
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714	Vendor Advisory
http://secunia.com/advisories/19721	Vendor Advisory
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746	Vendor Advisory
http://secunia.com/advisories/19759	Vendor Advisory
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794	Vendor Advisory
http://secunia.com/advisories/19811	Vendor Advisory
http://secunia.com/advisories/19821	Vendor Advisory
http://secunia.com/advisories/19823	Vendor Advisory
http://secunia.com/advisories/19852	Vendor Advisory
http://secunia.com/advisories/19862	Vendor Advisory
http://secunia.com/advisories/19863	Vendor Advisory
http://secunia.com/advisories/19902	Vendor Advisory
http://secunia.com/advisories/19941	Vendor Advisory
http://secunia.com/advisories/19950	Vendor Advisory
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033	Vendor Advisory
http://secunia.com/advisories/21622
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://securityreason.com/securityalert/720
http://securitytracker.com/id?1015915	Patch
http://securitytracker.com/id?1015916	Patch
http://securitytracker.com/id?1015917	Patch
http://securitytracker.com/id?1015918	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.kb.cert.org/vuls/id/179014	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.redhat.com/support/errata/RHSA-2006-0328.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0329.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0330.html	Vendor Advisory
http://www.securityfocus.com/archive/1/431060/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/17516
http://www.us-cert.gov/cas/techalerts/TA06-107A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3391
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1614
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631	Patch Vendor Advisory
http://secunia.com/advisories/19649	Patch Vendor Advisory
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714	Vendor Advisory
http://secunia.com/advisories/19721	Vendor Advisory
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746	Vendor Advisory
http://secunia.com/advisories/19759	Vendor Advisory
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794	Vendor Advisory
http://secunia.com/advisories/19811	Vendor Advisory
http://secunia.com/advisories/19821	Vendor Advisory
http://secunia.com/advisories/19823	Vendor Advisory
http://secunia.com/advisories/19852	Vendor Advisory
http://secunia.com/advisories/19862	Vendor Advisory
http://secunia.com/advisories/19863	Vendor Advisory
http://secunia.com/advisories/19902	Vendor Advisory
http://secunia.com/advisories/19941	Vendor Advisory
http://secunia.com/advisories/19950	Vendor Advisory
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033	Vendor Advisory
http://secunia.com/advisories/21622
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://securityreason.com/securityalert/720
http://securitytracker.com/id?1015915	Patch
http://securitytracker.com/id?1015916	Patch
http://securitytracker.com/id?1015917	Patch
http://securitytracker.com/id?1015918	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.kb.cert.org/vuls/id/179014	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.redhat.com/support/errata/RHSA-2006-0328.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0329.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0330.html	Vendor Advisory
http://www.securityfocus.com/archive/1/431060/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/17516
http://www.us-cert.gov/cas/techalerts/TA06-107A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3391
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1614
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
	cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
	cpe:2.3:a:mozilla:mozilla_suite:1.7.12:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
	cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
	cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
	cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
	cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*

History

21 Nov 2024, 00:09

Information

Published : 2006-04-14 10:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1730

Mitre link : CVE-2006-1730

CVE.ORG link : CVE-2006-1730

JSON object : View

Products Affected

mozilla

CWE

CWE-189

Numeric Errors

9.3 /10