CVE - CVE-2006-2779

CVE-ID
CVE-2006-2779	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18228 URL:http://www.securityfocus.com/bid/18228 BUGTRAQ:20060602 rPSA-2006-0091-1 firefox thunderbird URL:http://www.securityfocus.com/archive/1/435795/100/0/threaded CERT:TA06-153A URL:http://www.us-cert.gov/cas/techalerts/TA06-153A.html CERT-VN:VU#466673 URL:http://www.kb.cert.org/vuls/id/466673 CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-32.html DEBIAN:DSA-1118 URL:http://www.debian.org/security/2006/dsa-1118 DEBIAN:DSA-1120 URL:http://www.debian.org/security/2006/dsa-1120 DEBIAN:DSA-1134 URL:http://www.debian.org/security/2006/dsa-1134 DEBIAN:DSA-1159 URL:http://www.debian.org/security/2006/dsa-1159 DEBIAN:DSA-1160 URL:http://www.debian.org/security/2006/dsa-1160 GENTOO:GLSA-200606-12 URL:http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml GENTOO:GLSA-200606-21 URL:http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml HP:HPSBUX02153 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded HP:HPSBUX02156 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded HP:SSRT061181 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded HP:SSRT061236 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded MANDRIVA:MDKSA-2006:143 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:143~~ (Obsolete source) MANDRIVA:MDKSA-2006:145 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:145~~ (Obsolete source) MANDRIVA:MDKSA-2006:146 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:146~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9762 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762 REDHAT:RHSA-2006:0578 URL:http://www.redhat.com/support/errata/RHSA-2006-0578.html REDHAT:RHSA-2006:0594 URL:http://www.redhat.com/support/errata/RHSA-2006-0594.html REDHAT:RHSA-2006:0609 URL:http://rhn.redhat.com/errata/RHSA-2006-0609.html REDHAT:RHSA-2006:0610 URL:http://www.redhat.com/support/errata/RHSA-2006-0610.html REDHAT:RHSA-2006:0611 URL:http://www.redhat.com/support/errata/RHSA-2006-0611.html SECTRACK:1016202 URL:http://securitytracker.com/id?1016202 SECTRACK:1016214 URL:http://securitytracker.com/id?1016214 SECUNIA:20376 URL:http://secunia.com/advisories/20376 SECUNIA:20382 URL:http://secunia.com/advisories/20382 SECUNIA:20561 URL:http://secunia.com/advisories/20561 SECUNIA:20709 URL:http://secunia.com/advisories/20709 SECUNIA:21134 URL:http://secunia.com/advisories/21134 SECUNIA:21176 URL:http://secunia.com/advisories/21176 SECUNIA:21178 URL:http://secunia.com/advisories/21178 SECUNIA:21183 URL:http://secunia.com/advisories/21183 SECUNIA:21188 URL:http://secunia.com/advisories/21188 SECUNIA:21210 URL:http://secunia.com/advisories/21210 SECUNIA:21269 URL:http://secunia.com/advisories/21269 SECUNIA:21270 URL:http://secunia.com/advisories/21270 SECUNIA:21324 URL:http://secunia.com/advisories/21324 SECUNIA:21336 URL:http://secunia.com/advisories/21336 SECUNIA:21532 URL:http://secunia.com/advisories/21532 SECUNIA:21607 URL:http://secunia.com/advisories/21607 SECUNIA:21631 URL:http://secunia.com/advisories/21631 SECUNIA:21634 URL:http://secunia.com/advisories/21634 SECUNIA:21654 URL:http://secunia.com/advisories/21654 SECUNIA:22065 URL:http://secunia.com/advisories/22065 SECUNIA:22066 URL:http://secunia.com/advisories/22066 SECUNIA:27216 URL:http://secunia.com/advisories/27216 SUNALERT:102943 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1~~ (Obsolete source) SUNALERT:200387 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1~~ (Obsolete source) SUSE:SUSE-SA:2006:035 URL:http://www.novell.com/linux/security/advisories/2006_35_mozilla.html UBUNTU:USN-296-1 URL:https://usn.ubuntu.com/296-1/ UBUNTU:USN-296-2 URL:https://usn.ubuntu.com/296-2/ UBUNTU:USN-297-1 URL:https://usn.ubuntu.com/297-1/ UBUNTU:USN-297-3 URL:https://usn.ubuntu.com/297-3/ UBUNTU:USN-323-1 URL:https://usn.ubuntu.com/323-1/ VUPEN:ADV-2006-2106 URL:~~http://www.vupen.com/english/advisories/2006/2106~~ (Obsolete source) VUPEN:ADV-2006-3748 URL:~~http://www.vupen.com/english/advisories/2006/3748~~ (Obsolete source) VUPEN:ADV-2006-3749 URL:~~http://www.vupen.com/english/advisories/2006/3749~~ (Obsolete source) VUPEN:ADV-2007-3488 URL:~~http://www.vupen.com/english/advisories/2007/3488~~ (Obsolete source) VUPEN:ADV-2008-0083 URL:~~http://www.vupen.com/english/advisories/2008/0083~~ (Obsolete source) XF:mozilla-browserengine-memory-corruption(26843) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26843
Assigning CNA
MITRE Corporation
Date Record Created
20060602	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060602)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)