Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0297

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0297
Last Modified 07 Mar 2011 09:29:44
Published 02 Feb 2006 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0297

Summary

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0

  • Mozilla Thunderbird 1.5


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=322215

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=319872

XF - mozilla-component-integer-overflow(24435)

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-0413

BID - 16476

HP - SSRT061236

SECTRACK - 1015570

SECUNIA - 18704

SECUNIA - 18700

HP - HPSBUX02156

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-06.html

SECUNIA - 22065


Last Updated: 27 May 2016 10:41:36