Lucene search

[email protected]CVE-2006-2778

HistoryJun 02, 2006 - 6:02 p.m.

CVE-2006-2778

2006-06-0218:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2778

buffer overflow

mozilla firefox

thunderbird

remote code execution

certificate authority

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.419 Medium

EPSS

Percentile

97.3%

JSON

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle1.5.0.3
mozilla:thunderbirdmozilla thunderbirdle1.5.0.3

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	1.5.0.3
mozilla:thunderbird	mozilla thunderbird	le	1.5.0.3

References

rhn.redhat.com/errata/RHSA-2006-0609.html

secunia.com/advisories/20376

secunia.com/advisories/20382

secunia.com/advisories/20561

secunia.com/advisories/20709

secunia.com/advisories/21134

secunia.com/advisories/21176

secunia.com/advisories/21178

secunia.com/advisories/21183

secunia.com/advisories/21188

secunia.com/advisories/21210

secunia.com/advisories/21269

secunia.com/advisories/21270

secunia.com/advisories/21324

secunia.com/advisories/21336

secunia.com/advisories/21532

secunia.com/advisories/21607

secunia.com/advisories/21631

secunia.com/advisories/22065

secunia.com/advisories/22066

securitytracker.com/id?1016202

securitytracker.com/id?1016214

sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1

www.debian.org/security/2006/dsa-1118

www.debian.org/security/2006/dsa-1120

www.debian.org/security/2006/dsa-1134

www.gentoo.org/security/en/glsa/glsa-200606-12.xml

www.gentoo.org/security/en/glsa/glsa-200606-21.xml

www.kb.cert.org/vuls/id/421529

www.mandriva.com/security/advisories?name=MDKSA-2006:143

www.mandriva.com/security/advisories?name=MDKSA-2006:145

www.mandriva.com/security/advisories?name=MDKSA-2006:146

www.mozilla.org/security/announce/2006/mfsa2006-38.html

www.novell.com/linux/security/advisories/2006_35_mozilla.html

www.redhat.com/support/errata/RHSA-2006-0578.html

www.redhat.com/support/errata/RHSA-2006-0594.html

www.redhat.com/support/errata/RHSA-2006-0610.html

www.redhat.com/support/errata/RHSA-2006-0611.html

www.securityfocus.com/archive/1/435795/100/0/threaded

www.securityfocus.com/archive/1/446657/100/200/threaded

www.securityfocus.com/archive/1/446658/100/200/threaded

www.securityfocus.com/bid/18228

www.us-cert.gov/cas/techalerts/TA06-153A.html

www.vupen.com/english/advisories/2006/2106

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2006/3749

www.vupen.com/english/advisories/2007/0058

www.vupen.com/english/advisories/2008/0083

exchange.xforce.ibmcloud.com/vulnerabilities/26849

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703

usn.ubuntu.com/296-1/

usn.ubuntu.com/296-2/

usn.ubuntu.com/297-1/

usn.ubuntu.com/297-3/

usn.ubuntu.com/323-1/

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.419 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2006-2778

ubuntucve1 mozilla1 debiancve1 prion1 cert1 openvas19 ubuntu5 nessus27 gentoo2 securityvulns2 redhat5 debian3 suse1 osv3 oraclelinux2 centos4