CVE-2006-2779 Date: (C)2006-06-02 (M)2023-12-22
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
CVSS Score and Metrics +CVSS Score and Metrics -
CVSS V2 Severity: CVSS Score : 9.3 Exploit Score: 8.6 Impact Score: 10.0 CVSS V2 Metrics: Access Vector: NETWORK Access Complexity: MEDIUM Authentication: NONE Confidentiality: COMPLETE Integrity: COMPLETE Availability: COMPLETE