[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-6500Date: (C)2006-12-19   (M)2023-12-22


Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017399
SECTRACK-1017400
SECTRACK-1017401
BID-21668
SECUNIA-23282
SECUNIA-23420
SECUNIA-23422
SECUNIA-23545
SECUNIA-23598
SECUNIA-23614
SECUNIA-23672
SECUNIA-23692
ADV-2006-5068
ADV-2008-0083
GLSA-200701-02
GLSA-200701-03
GLSA-200701-04
MDKSA-2007:010
MDKSA-2007:011
SSRT061181
SUSE-SA:2006:080
SUSE-SA:2007:006
TA06-354A
VU#722244
http://www.mozilla.org/security/announce/2006/mfsa2006-69.html

CPE    51
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:thunderbird:1.0.2
cpe:/a:mozilla:firefox:1.5:beta2
...
CWE    1
CWE-119

© SecPod Technologies