ID CVE-2006-6505
Summary Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:14:42.608-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
family unix
id oval:org.mitre.oval:def:11565
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
version 24
redhat via4
advisories
  • bugzilla
    id 219684
    title CVE-2006-6497 Multiple Seamonkey issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759002
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759010
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759012
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759018
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759020
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759016
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759004
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759014
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759008
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.7-0.1.el3
            oval oval:com.redhat.rhsa:tst:20060759006
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759023
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734003
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759027
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734021
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759028
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734005
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759032
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734011
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759026
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734013
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759030
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734019
        • AND
          • comment seamonkey-nspr is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759025
          • comment seamonkey-nspr is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734007
        • AND
          • comment seamonkey-nspr-devel is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759024
          • comment seamonkey-nspr-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734009
        • AND
          • comment seamonkey-nss is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759031
          • comment seamonkey-nss is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734015
        • AND
          • comment seamonkey-nss-devel is earlier than 0:1.0.7-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060759029
          • comment seamonkey-nss-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734017
        • AND
          • comment devhelp is earlier than 0:0.10-0.6.el4
            oval oval:com.redhat.rhsa:tst:20060759033
          • comment devhelp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734034
        • AND
          • comment devhelp-devel is earlier than 0:0.10-0.6.el4
            oval oval:com.redhat.rhsa:tst:20060759035
          • comment devhelp-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060734036
    rhsa
    id RHSA-2006:0759
    released 2006-12-19
    severity Critical
    title RHSA-2006:0759: seamonkey security update (Critical)
  • bugzilla
    id 219686
    title CVE-2006-6497 Multiple Thunderbird issues (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505)
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • comment thunderbird is earlier than 0:1.5.0.9-0.1.el4
      oval oval:com.redhat.rhsa:tst:20060760002
    • comment thunderbird is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20060735003
    rhsa
    id RHSA-2006:0760
    released 2006-12-19
    severity Critical
    title RHSA-2006:0760: thunderbird security update (Critical)
rpms
  • seamonkey-0:1.0.7-0.1.el3
  • seamonkey-chat-0:1.0.7-0.1.el3
  • seamonkey-devel-0:1.0.7-0.1.el3
  • seamonkey-dom-inspector-0:1.0.7-0.1.el3
  • seamonkey-js-debugger-0:1.0.7-0.1.el3
  • seamonkey-mail-0:1.0.7-0.1.el3
  • seamonkey-nspr-0:1.0.7-0.1.el3
  • seamonkey-nspr-devel-0:1.0.7-0.1.el3
  • seamonkey-nss-0:1.0.7-0.1.el3
  • seamonkey-nss-devel-0:1.0.7-0.1.el3
  • seamonkey-0:1.0.7-0.1.el4
  • seamonkey-chat-0:1.0.7-0.1.el4
  • seamonkey-devel-0:1.0.7-0.1.el4
  • seamonkey-dom-inspector-0:1.0.7-0.1.el4
  • seamonkey-js-debugger-0:1.0.7-0.1.el4
  • seamonkey-mail-0:1.0.7-0.1.el4
  • seamonkey-nspr-0:1.0.7-0.1.el4
  • seamonkey-nspr-devel-0:1.0.7-0.1.el4
  • seamonkey-nss-0:1.0.7-0.1.el4
  • seamonkey-nss-devel-0:1.0.7-0.1.el4
  • devhelp-0:0.10-0.6.el4
  • devhelp-devel-0:0.10-0.6.el4
  • thunderbird-0:1.5.0.9-0.1.el4
refmap via4
bid 21668
bugtraq
  • 20061222 rPSA-2006-0234-1 firefox
  • 20070102 rPSA-2006-0234-2 firefox thunderbird
cert TA06-354A
cert-vn VU#887332
confirm
debian DSA-1265
fedora
  • FEDORA-2006-1491
  • FEDORA-2007-004
gentoo
  • GLSA-200701-03
  • GLSA-200701-04
mandriva MDKSA-2007:011
sectrack
  • 1017419
  • 1017420
secunia
  • 23420
  • 23422
  • 23433
  • 23439
  • 23468
  • 23514
  • 23545
  • 23591
  • 23598
  • 23601
  • 23618
  • 23672
  • 23692
  • 24108
  • 24390
sgi 20061202-01-P
sunalert 102800
suse
  • SUSE-SA:2006:080
  • SUSE-SA:2007:006
ubuntu USN-400-1
vupen
  • ADV-2006-5068
  • ADV-2007-0573
  • ADV-2008-0083
Last major update 17-10-2018 - 21:48
Published 20-12-2006 - 01:28
Back to Top