Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0294

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0294
Last Modified 07 Mar 2011 09:29:44
Published 02 Feb 2006 03:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0294

Summary

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

Vulnerable Systems

Application

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0

  • Mozilla Thunderbird 1.5


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=317934

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-0413

HP - SSRT061236

XF - mozilla-element-change-memory-corruption(24431)

BID - 16476

HP - HPSBUX02156

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-02.html

SECTRACK - 1015570

SECUNIA - 22065

SECUNIA - 18704

SECUNIA - 18700


Last Updated: 27 May 2016 10:41:36