Lucene search
Mozilla FoundationMFSA2006-22HistoryApr 13, 2006 - 12:00 a.m.
CSS Letter-Spacing Heap Overflow Vulnerability — Mozilla
2006-04-1300:00:00
Mozilla Foundation
www.mozilla.org
6
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property. This results in in under-allocating memory and ultimately a heap buffer overflow which could be exploited to run code of the attacker’s choice.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 1.0.8 | |
| firefox | lt | 1.5.0.2 | |
| mozilla suite | lt | 1.7.13 | |
| seamonkey | lt | 1.0.1 | |
| thunderbird | lt | 1.0.8 | |
| thunderbird | lt | 1.5.0.2 |
Related
cve
cve
CVE-2006-1730
2006-04-14 10:02:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox CSS letter-spacing Heap Overflow - Ver2 (CVE-2006-1730)
2014-03-31 00:00:00
Mozilla Firefox CSS letter-spacing Heap Overflow - Ver2 (CVE-2006-1730)
2014-03-31 00:00:00
debiancve
debiancve
CVE-2006-1730
2006-04-14 10:02:00
zdi
zdi
Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
2006-04-17 00:00:00
cert
cert
Mozilla CSS integer overflow vulnerability
2006-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2006-1730
2006-04-14 00:00:00
prion
prion
Integer overflow
2006-04-14 10:02:00
securityvulns
securityvulns
nessus
nessus
Firefox < 1.5.0.2 Multiple Vulnerabilities
2006-04-14 00:00:00
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
2006-04-26 00:00:00
Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410)
2006-04-21 00:00:00
openvas
openvas
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
2008-09-24 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
redhat
redhat
(RHSA-2006:0328) firefox security update
2006-04-14 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
centos
centos
firefox security update
2006-04-14 18:00:35
devhelp, mozilla security update
2006-04-18 17:41:36
galeon, mozilla security update
2006-04-18 23:53:59
gentoo
gentoo
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2006-04-20 00:00:00
Thunderbird vulnerabilities
2006-05-03 00:00:00
Mozilla vulnerabilities
2006-04-28 00:00:00
debian
debian
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-04-13 00:00:00
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Related for MFSA2006-22