CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.0%
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 5.10 | cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 6.10 | cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* |
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
fedoranews.org/cms/node/2297
fedoranews.org/cms/node/2338
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
rhn.redhat.com/errata/RHSA-2006-0758.html
rhn.redhat.com/errata/RHSA-2006-0759.html
rhn.redhat.com/errata/RHSA-2006-0760.html
secunia.com/advisories/23282
secunia.com/advisories/23422
secunia.com/advisories/23433
secunia.com/advisories/23439
secunia.com/advisories/23440
secunia.com/advisories/23468
secunia.com/advisories/23514
secunia.com/advisories/23545
secunia.com/advisories/23589
secunia.com/advisories/23601
secunia.com/advisories/23614
secunia.com/advisories/23618
secunia.com/advisories/23672
secunia.com/advisories/23692
security.gentoo.org/glsa/glsa-200701-02.xml
securitytracker.com/id?1017417
securitytracker.com/id?1017418
www.gentoo.org/security/en/glsa/glsa-200701-04.xml
www.kb.cert.org/vuls/id/928956
www.mandriva.com/security/advisories?name=MDKSA-2007:010
www.mozilla.org/security/announce/2006/mfsa2006-73.html
www.novell.com/linux/security/advisories/2006_80_mozilla.html
www.novell.com/linux/security/advisories/2007_06_mozilla.html
www.securityfocus.com/archive/1/454939/100/0/threaded
www.securityfocus.com/archive/1/455145/100/0/threaded
www.securityfocus.com/archive/1/455728/100/200/threaded
www.securityfocus.com/bid/21668
www.ubuntu.com/usn/usn-398-1
www.ubuntu.com/usn/usn-398-2
www.us-cert.gov/cas/techalerts/TA06-354A.html
www.vupen.com/english/advisories/2006/5068
www.vupen.com/english/advisories/2008/0083
www.zerodayinitiative.com/advisories/ZDI-06-051.html
issues.rpath.com/browse/RPL-883
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077