Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3804

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3804
Last Modified 07 Mar 2011 09:39:30
Published 27 Jul 2006 03:04:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3804

Summary

Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.

Vulnerable Systems

Application

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Thunderbird 1.5

  • Mozilla Thunderbird 1.5.0.2

  • Mozilla Thunderbird 1.5.0.4


References

CERT - TA06-208A

CERT-VN - VU#897540

BID - 19181

SECUNIA - 21229

SECUNIA - 21228

CONFIRM - https://issues.rpath.com/browse/RPL-537

XF - mozilla-vcard-base64-bo(27985)

VUPEN - ADV-2007-0058

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-2998

UBUNTU - USN-329-1

HP - HPSBUX02156

REDHAT - RHSA-2006:0611

REDHAT - RHSA-2006:0608

SUSE - SUSE-SA:2006:048

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-49.html

SECTRACK - 1016588

SECTRACK - 1016587

GENTOO - GLSA-200608-04

GENTOO - GLSA-200608-02

SECUNIA - 21607

SECUNIA - 21532

SECUNIA - 21529

SECUNIA - 21358

SECUNIA - 21343

SECUNIA - 21336

SECUNIA - 21275

SECUNIA - 21269

SECUNIA - 21262

SECUNIA - 21250

SECUNIA - 21246

REDHAT - RHSA-2006:0609

SGI - 20060703-01-P

UBUNTU - USN-350-1

REDHAT - RHSA-2006:0594

MANDRIVA - MDKSA-2006:146

MANDRIVA - MDKSA-2006:145

MANDRIVA - MDKSA-2006:143

SUNALERT - 102763

SECUNIA - 22065

SECUNIA - 22055

SECUNIA - 21631

HP - SSRT061236


Last Updated: 27 May 2016 10:44:53