Lucene search

MitreCVE-2006-2538

HistoryMay 22, 2006 - 11:10 p.m.

CVE-2006-2538

2006-05-2223:10:00

mitre

web.nvd.nist.gov

cve-2006-2538

ie tab 1.0.9

mozilla firefox 1.5.0.3

denial of service

application crash

javascript

vulnerability

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability.

Affected configurations

Nvd

Node

ie_tabie_tabMatch1.0.9

mozillafirefoxMatch1.5.0.3

VendorProductVersionCPE
ie_tabie_tab1.0.9cpe:2.3:a:ie_tab:ie_tab:1.0.9:*:*:*:*:*:*:*
mozillafirefox1.5.0.3cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ie_tab	ie_tab	1.0.9	cpe:2.3:a:ie_tab:ie_tab:1.0.9:::::::*
mozilla	firefox	1.5.0.3	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*

References

www.securityfocus.com/archive/1/434280/100/0/threaded

www.securityfocus.com/archive/1/434519/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26540

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Related for CVE-2006-2538