Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:252324
HistoryApr 17, 2006 - 12:00 a.m.

Mozilla display style vulnerability

2006-04-1700:00:00
www.kb.cert.org
25

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.7%

JSON

Overview

Mozilla products contain an unspecified vulnerability in the way they handle display styles. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Description

Mozilla products contain an unspecified vulnerability in the way they handle the -moz-grid and -moz-grid-group display styles. If a remote attacker can persuade a user to access a specially crafted web page, that attacker may be able to cause the attacked Mozilla product to crash in a way that could allow them to execute arbitrary code.

For more information please refer to Mozilla Foundation Security Advisory 2006-11.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause the attacked Mozilla product to crash.

Solution

Upgrade
Refer to Mozilla Foundation Security Advisory 2006-11 for fixed versions of Mozilla products.

Disable JavaScript

For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.

Vendor Information

252324

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Mozilla, Inc. __ Affected

Updated: April 17, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to <http://www.mozilla.org/security/announce/2006/mfsa2006-11.html&gt;.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23252324 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.mozilla.org/security/announce/2006/mfsa2006-11.html&gt;

Acknowledgements

This vulnerability was reported in Mozilla Foundation Security Advisory 2006-11. Mozilla credits Alden D’Souza with providing information regarding this issue.

This document was written by Jeff Gennari

Other Information

CVE IDs: CVE-2006-1738
Severity Metric: 17.56 Date Public:

Related

ubuntucve 1
checkpoint_advisories 1
prion 1
cve 1
debiancve 1
mozilla 1
nessus 33
openvas 16
suse 1
redhat 3
centos 4
gentoo 3
ubuntu 3
debian 8
osv 3
freebsd 1
ubuntucve
ubuntucve
CVE-2006-1738
2006-04-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox mozgrid Modification Denial of Service - Ver2 (CVE-2006-1738)
2015-03-26 00:00:00
prion
prion
Code injection
2006-04-14 18:02:00
cve
cve
CVE-2006-1738
2006-04-14 18:02:00
debiancve
debiancve
CVE-2006-1738
2006-04-14 18:02:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8) — Mozilla
2006-04-13 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
2006-04-26 00:00:00
Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410)
2006-04-21 00:00:00
Fedora Core 5 : firefox-1.5.0.2-1.1.fc5 (2006-411)
2006-04-21 00:00:00
openvas
openvas
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
2008-09-24 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
redhat
redhat
(RHSA-2006:0328) firefox security update
2006-04-14 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
centos
centos
firefox security update
2006-04-14 18:00:35
galeon, mozilla security update
2006-04-18 23:53:59
thunderbird security update
2006-04-21 17:41:34
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-05-03 00:00:00
Mozilla vulnerabilities
2006-04-28 00:00:00
Firefox vulnerabilities
2006-04-20 00:00:00
debian
debian
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:58:22
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:02:42
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
2006-04-26 16:58:22
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-04-13 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.7%

JSON
Related for VU:252324
ubuntucve1checkpoint_advisories1prion1cve1debiancve1mozilla1nessus33openvas16suse1redhat3centos4gentoo3ubuntu3debian8osv3freebsd1