National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-6498)

National Cyber Awareness System

Vulnerability Summary for CVE-2006-6498

Original release date:12/20/2006

Last revised:09/01/2011

Source: US-CERT/NIST

Overview

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA06-354A

Name: TA06-354A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA06-354A.html

US-CERT Vulnerability Note: VU#447772

Name: VU#447772

Hyperlink:http://www.kb.cert.org/vuls/id/447772

US-CERT Vulnerability Note: VU#427972

Name: VU#427972

Hyperlink:http://www.kb.cert.org/vuls/id/427972

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-883

Hyperlink:https://issues.rpath.com/browse/RPL-883

External Source: VUPEN

Name: ADV-2008-0083

Hyperlink:http://www.vupen.com/english/advisories/2008/0083

External Source: VUPEN

Name: ADV-2007-2106

Hyperlink:http://www.vupen.com/english/advisories/2007/2106

External Source: VUPEN

Name: ADV-2006-5068

Hyperlink:http://www.vupen.com/english/advisories/2006/5068

External Source: UBUNTU

Name: USN-400-1

Hyperlink:http://www.ubuntu.com/usn/usn-400-1

External Source: UBUNTU

Name: USN-398-2

Hyperlink:http://www.ubuntu.com/usn/usn-398-2

External Source: UBUNTU

Name: USN-398-1

Hyperlink:http://www.ubuntu.com/usn/usn-398-1

External Source: BID

Name: 21668

Hyperlink:http://www.securityfocus.com/bid/21668

External Source: BUGTRAQ

Name: 20070102 rPSA-2006-0234-2 firefox thunderbird

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/455728/100/200/threaded

External Source: BUGTRAQ

Name: 20061222 rPSA-2006-0234-1 firefox

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/455145/100/0/threaded

External Source: SUSE

Name: SUSE-SA:2007:006

Hyperlink:http://www.novell.com/linux/security/advisories/2007_06_mozilla.html

External Source: SUSE

Name: SUSE-SA:2006:080

Hyperlink:http://www.novell.com/linux/security/advisories/2006_80_mozilla.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

Hyperlink:http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

External Source: GENTOO

Name: GLSA-200701-04

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml

External Source: DEBIAN

Name: DSA-1265

Hyperlink:http://www.debian.org/security/2007/dsa-1265

External Source: DEBIAN

Name: DSA-1258

Hyperlink:http://www.debian.org/security/2007/dsa-1258

External Source: DEBIAN

Name: DSA-1253

Hyperlink:http://www.debian.org/security/2007/dsa-1253

External Source: SUNALERT

Name: 102955

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1

External Source: SECTRACK

Name: 1017406

Hyperlink:http://securitytracker.com/id?1017406

External Source: SECTRACK

Name: 1017405

Hyperlink:http://securitytracker.com/id?1017405

External Source: SECTRACK

Name: 1017398

Hyperlink:http://securitytracker.com/id?1017398

External Source: GENTOO

Name: GLSA-200701-02

Hyperlink:http://security.gentoo.org/glsa/glsa-200701-02.xml

External Source: SECUNIA

Name: 25556

Type: Advisory

Hyperlink:http://secunia.com/advisories/25556

External Source: SECUNIA

Name: 24390

Type: Advisory

Hyperlink:http://secunia.com/advisories/24390

External Source: SECUNIA

Name: 24078

Type: Advisory

Hyperlink:http://secunia.com/advisories/24078

External Source: SECUNIA

Name: 23988

Type: Advisory

Hyperlink:http://secunia.com/advisories/23988

External Source: SECUNIA

Name: 23692

Type: Advisory

Hyperlink:http://secunia.com/advisories/23692

External Source: SECUNIA

Name: 23672

Type: Advisory

Hyperlink:http://secunia.com/advisories/23672

External Source: SECUNIA

Name: 23618

Type: Advisory

Hyperlink:http://secunia.com/advisories/23618

External Source: SECUNIA

Name: 23614

Type: Advisory

Hyperlink:http://secunia.com/advisories/23614

External Source: SECUNIA

Name: 23601

Type: Advisory

Hyperlink:http://secunia.com/advisories/23601

External Source: SECUNIA

Name: 23591

Type: Advisory

Hyperlink:http://secunia.com/advisories/23591

External Source: SECUNIA

Name: 23589

Type: Advisory

Hyperlink:http://secunia.com/advisories/23589

External Source: SECUNIA

Name: 23545

Type: Advisory

Hyperlink:http://secunia.com/advisories/23545

External Source: SECUNIA

Name: 23514

Type: Advisory

Hyperlink:http://secunia.com/advisories/23514

External Source: SECUNIA

Name: 23468

Type: Advisory

Hyperlink:http://secunia.com/advisories/23468

External Source: SECUNIA

Name: 23440

Type: Advisory

Hyperlink:http://secunia.com/advisories/23440

External Source: SECUNIA

Name: 23439

Type: Advisory

Hyperlink:http://secunia.com/advisories/23439

External Source: SECUNIA

Name: 23433

Type: Advisory

Hyperlink:http://secunia.com/advisories/23433

External Source: SECUNIA

Name: 23422

Type: Advisory

Hyperlink:http://secunia.com/advisories/23422

External Source: SECUNIA

Name: 23420

Type: Advisory

Hyperlink:http://secunia.com/advisories/23420

External Source: SECUNIA

Name: 23282

Type: Advisory

Hyperlink:http://secunia.com/advisories/23282

External Source: REDHAT

Name: RHSA-2006:0760

Type: Advisory

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0760.html

External Source: REDHAT

Name: RHSA-2006:0759

Type: Advisory

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0759.html

External Source: REDHAT

Name: RHSA-2006:0758

Type: Advisory

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0758.html

External Source: OVAL

Name: oval:org.mitre.oval:def:10661

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10661

External Source: HP

Name: SSRT061181

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: HP

Name: HPSBUX02153

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

External Source: FEDORA

Name: FEDORA-2007-004

Hyperlink:http://fedoranews.org/cms/node/2338

External Source: FEDORA

Name: FEDORA-2006-1491

Hyperlink:http://fedoranews.org/cms/node/2297

External Source: SGI

Name: 20061202-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:10661

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10661

Vulnerable software and versions

Configuration 1

* cpe:/a:mozilla:firefox:2.0

* cpe:/a:mozilla:firefox:1.5

* cpe:/a:mozilla:firefox:1.5.0.8

* cpe:/a:mozilla:firefox:1.5.0.7

* cpe:/a:mozilla:firefox:1.5.0.6

* cpe:/a:mozilla:firefox:1.5.0.5

* cpe:/a:mozilla:firefox:1.5.0.4

* cpe:/a:mozilla:firefox:1.5.0.3

* cpe:/a:mozilla:firefox:1.5.0.2

* cpe:/a:mozilla:firefox:1.5.0.1

* cpe:/a:mozilla:mozilla:1.7

Configuration 2

* cpe:/a:mozilla:thunderbird:0.7.2

* cpe:/a:mozilla:thunderbird:0.7.3

* cpe:/a:mozilla:thunderbird:0.7

* cpe:/a:mozilla:thunderbird:0.7.1

* cpe:/a:mozilla:thunderbird:0.8

* cpe:/a:mozilla:thunderbird:0.9

* cpe:/a:mozilla:thunderbird:0.1

* cpe:/a:mozilla:thunderbird:0.2

* cpe:/a:mozilla:thunderbird:0.5

* cpe:/a:mozilla:thunderbird:0.6

* cpe:/a:mozilla:thunderbird:0.3

* cpe:/a:mozilla:thunderbird:0.4

* cpe:/a:mozilla:thunderbird:1.5.0.1

* cpe:/a:mozilla:thunderbird:1.5.0.2

* cpe:/a:mozilla:thunderbird:1.5.0.3

* cpe:/a:mozilla:thunderbird:1.5.0.4

* cpe:/a:mozilla:thunderbird:1.5.0.5

* cpe:/a:mozilla:thunderbird:1.5.0.6

* cpe:/a:mozilla:thunderbird:1.5.0.7

* cpe:/a:mozilla:thunderbird:1.5.0.8

* cpe:/a:mozilla:thunderbird:1.5

* cpe:/a:mozilla:thunderbird:1.0.8

* cpe:/a:mozilla:thunderbird:1.0.7

* cpe:/a:mozilla:thunderbird:1.0.6

* cpe:/a:mozilla:thunderbird:1.0.5

* cpe:/a:mozilla:thunderbird:1.0.4

* cpe:/a:mozilla:thunderbird:1.0.3

* cpe:/a:mozilla:thunderbird:1.0.2

* cpe:/a:mozilla:thunderbird:1.0.1

* cpe:/a:mozilla:thunderbird:1.0

Configuration 3

* cpe:/a:mozilla:seamonkey:1.0.6

* cpe:/a:mozilla:seamonkey:1.0.5

* cpe:/a:mozilla:seamonkey:1.0.4

* cpe:/a:mozilla:seamonkey:1.0.3

* cpe:/a:mozilla:seamonkey:1.0.2

* cpe:/a:mozilla:seamonkey:1.0.1

* cpe:/a:mozilla:seamonkey:1.0

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Insufficient Information (NVD-CWE-noinfo)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498