National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-1742)

National Cyber-Alert System

Vulnerability Summary for CVE-2006-1742

Original release date:04/14/2006

Last revised:02/05/2009

Source: US-CERT/NIST

Overview

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized modification

Solution

Fixed in: Firefox 1.5 Firefox 1.0.8 Thunderbird 1.5 Thunderbird 1.0.8 SeaMonkey 1.0 Mozilla Suite 1.7.13}

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#492382

Name: VU#492382

Hyperlink:http://www.kb.cert.org/vuls/id/492382

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2006/mfsa2006-10.html

Hyperlink:http://www.mozilla.org/security/announce/2006/mfsa2006-10.html

External Source: SUNALERT

Name: 228526

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

External Source: XF

Name: mozilla-garbage-memory-corruption(25807)

Hyperlink:http://xforce.iss.net/xforce/xfdb/25807

External Source: UBUNTU

Name: USN-276-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-276-1

External Source: UBUNTU

Name: USN-275-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-275-1

External Source: UBUNTU

Name: USN-271-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-271-1

External Source: HP

Name: HPSBUX02122

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded

External Source: FEDORA

Name: FLSA:189137-2

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded

External Source: FEDORA

Name: FLSA:189137-1

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded

External Source: REDHAT

Name: RHSA-2006:0330

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0330.html

External Source: REDHAT

Name: RHSA-2006:0329

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0329.html

External Source: REDHAT

Name: RHSA-2006:0328

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0328.html

External Source: FEDORA

Name: FEDORA-2006-411

Hyperlink:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

External Source: FEDORA

Name: FEDORA-2006-410

Hyperlink:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

External Source: SUSE

Name: SUSE-SA:2006:004

Hyperlink:http://www.novell.com/linux/security/advisories/2006_04_25.html

External Source: MANDRIVA

Name: MDKSA-2006:076

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

External Source: MANDRIVA

Name: MDKSA-2006:075

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

External Source: GENTOO

Name: GLSA-200605-09

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

External Source: GENTOO

Name: GLSA-200604-18

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

External Source: GENTOO

Name: GLSA-200604-12

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

External Source: VUPEN

Name: ADV-2006-1356

Hyperlink:http://www.frsirt.com/english/advisories/2006/1356

External Source: DEBIAN

Name: DSA-1051

Hyperlink:http://www.debian.org/security/2006/dsa-1051

External Source: DEBIAN

Name: DSA-1046

Hyperlink:http://www.debian.org/security/2006/dsa-1046

External Source: DEBIAN

Name: DSA-1044

Hyperlink:http://www.debian.org/security/2006/dsa-1044

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

External Source: SUNALERT

Name: 102550

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

External Source: SECUNIA

Name: 21622

Hyperlink:http://secunia.com/advisories/21622

External Source: SECUNIA

Name: 21033

Hyperlink:http://secunia.com/advisories/21033

External Source: SECUNIA

Name: 20051

Hyperlink:http://secunia.com/advisories/20051

External Source: SECUNIA

Name: 19950

Hyperlink:http://secunia.com/advisories/19950

External Source: SECUNIA

Name: 19941

Hyperlink:http://secunia.com/advisories/19941

External Source: SECUNIA

Name: 19902

Hyperlink:http://secunia.com/advisories/19902

External Source: SECUNIA

Name: 19863

Hyperlink:http://secunia.com/advisories/19863

External Source: SECUNIA

Name: 19862

Hyperlink:http://secunia.com/advisories/19862

External Source: SECUNIA

Name: 19852

Hyperlink:http://secunia.com/advisories/19852

External Source: SECUNIA

Name: 19823

Hyperlink:http://secunia.com/advisories/19823

External Source: SECUNIA

Name: 19811

Hyperlink:http://secunia.com/advisories/19811

External Source: SECUNIA

Name: 19794

Hyperlink:http://secunia.com/advisories/19794

External Source: SECUNIA

Name: 19780

Hyperlink:http://secunia.com/advisories/19780

External Source: SECUNIA

Name: 19759

Hyperlink:http://secunia.com/advisories/19759

External Source: SECUNIA

Name: 19746

Hyperlink:http://secunia.com/advisories/19746

External Source: SECUNIA

Name: 19729

Hyperlink:http://secunia.com/advisories/19729

External Source: SECUNIA

Name: 19721

Hyperlink:http://secunia.com/advisories/19721

External Source: SECUNIA

Name: 19714

Hyperlink:http://secunia.com/advisories/19714

External Source: SECUNIA

Name: 19696

Hyperlink:http://secunia.com/advisories/19696

External Source: SECUNIA

Name: 19631

Hyperlink:http://secunia.com/advisories/19631

External Source: SUSE

Name: SUSE-SA:2006:021

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

External Source: MANDRIVA

Name: MDKSA-2006:076

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:076

External Source: MANDRIVA

Name: MDKSA-2006:075

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:075

External Source: SGI

Name: 20060404-01-U

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

External Source: SCO

Name: SCOSA-2006.26

Hyperlink:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

US Government Resource: oval:org.mitre.oval:def:1087

Name: oval:org.mitre.oval:def:1087

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1087

Vulnerable software and versions

Configuration 1

* cpe:/a:mozilla:firefox:1.0

* cpe:/a:mozilla:firefox:1.0.1

* cpe:/a:mozilla:firefox:1.0.2

* cpe:/a:mozilla:firefox:1.0.3

* cpe:/a:mozilla:firefox:1.0.4

* cpe:/a:mozilla:firefox:1.0.5

* cpe:/a:mozilla:firefox:1.0.6

* cpe:/a:mozilla:firefox:1.5

* cpe:/a:mozilla:firefox:1.5:beta1

* cpe:/a:mozilla:firefox:1.5:beta2

* cpe:/a:mozilla:mozilla_suite:1.7.10

* cpe:/a:mozilla:mozilla_suite:1.7.11

* cpe:/a:mozilla:mozilla_suite:1.7.6

* cpe:/a:mozilla:mozilla_suite:1.7.7

* cpe:/a:mozilla:mozilla_suite:1.7.8

* cpe:/a:mozilla:seamonkey:1.0::alpha

* cpe:/a:mozilla:thunderbird:1.0

* cpe:/a:mozilla:thunderbird:1.0.1

* cpe:/a:mozilla:thunderbird:1.0.2

* cpe:/a:mozilla:thunderbird:1.0.3

* cpe:/a:mozilla:thunderbird:1.0.4

* cpe:/a:mozilla:thunderbird:1.0.5

* cpe:/a:mozilla:thunderbird:1.0.5:beta

* cpe:/a:mozilla:thunderbird:1.0.6

* cpe:/a:mozilla:thunderbird:1.5

* cpe:/a:mozilla:thunderbird:1.5:beta2

* cpe:/a:mozilla:firefox:1.0.7 and previous versions

* cpe:/a:mozilla:mozilla_suite:1.7.12 and previous versions

* cpe:/a:mozilla:seamonkey:1.0:beta and previous versions

* cpe:/a:mozilla:thunderbird:1.0.7 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742