ID CVE-2006-1724
Summary Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. Fixed in: Firefox 1.5.0.2 Thunderbird 1.5.0.2 SeaMonkey 1.0.1
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-29T04:03:55.251-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
    family unix
    id oval:org.mitre.oval:def:10243
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
    version 29
  • accepted 2007-05-09T16:11:01.149-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
    family windows
    id oval:org.mitre.oval:def:1901
    status accepted
    submitted 2006-05-07T09:05:00.000-04:00
    title Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724)
    version 4
redhat via4
advisories
  • rhsa
    id RHSA-2006:0328
  • rhsa
    id RHSA-2006:0330
rpms
  • firefox-0:1.0.8-1.4.1
  • firefox-debuginfo-0:1.0.8-1.4.1
  • devhelp-0:0.9.2-2.4.8
  • devhelp-debuginfo-0:0.9.2-2.4.8
  • devhelp-devel-0:0.9.2-2.4.8
  • thunderbird-0:1.0.8-1.4.1
  • thunderbird-debuginfo-0:1.0.8-1.4.1
refmap via4
bid 17516
cert TA06-107A
cert-vn VU#350262
confirm
debian
  • DSA-1046
  • DSA-1051
fedora
  • FEDORA-2006-410
  • FEDORA-2006-411
  • FLSA:189137-2
hp
  • HPSBTU02118
  • HPSBUX02153
  • HPSBUX02156
  • SSRT061145
  • SSRT061181
  • SSRT061236
misc https://bugzilla.mozilla.org/show_bug.cgi?id=282105
sco SCOSA-2006.26
sectrack
  • 1015919
  • 1015920
  • 1015921
secunia
  • 19631
  • 19649
  • 19696
  • 19714
  • 19780
  • 19863
  • 19941
  • 21033
  • 21622
  • 22065
  • 22066
sunalert
  • 102550
  • 228526
vupen
  • ADV-2006-1356
  • ADV-2006-3748
  • ADV-2006-3749
  • ADV-2008-0083
Last major update 18-10-2018 - 16:34
Published 14-04-2006 - 10:02
Last modified 18-10-2018 - 16:34
Back to Top