CVE-2006-0749 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2006-0749?

CVE-2006-0749 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-0749?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Mozilla Thunderbird.

Vulnerability Description

nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.0, < 1.5
Mozilla	Mozilla Suite	< 1.7.13
Mozilla	Seamonkey	< 1.0
Mozilla	Thunderbird	>= 1.0, < 1.0.8

Related Weaknesses (CWE)

CWE-399

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtThird Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascBroken Link
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlBroken Link
http://secunia.com/advisories/19631Third Party Advisory
http://secunia.com/advisories/19696Third Party Advisory
http://secunia.com/advisories/19714Third Party Advisory
http://secunia.com/advisories/19721Third Party Advisory
http://secunia.com/advisories/19729Third Party Advisory
http://secunia.com/advisories/19746Third Party Advisory
http://secunia.com/advisories/19759Third Party Advisory
http://secunia.com/advisories/19780Third Party Advisory
http://secunia.com/advisories/19794Third Party Advisory
http://secunia.com/advisories/19811Third Party Advisory
http://secunia.com/advisories/19821Third Party Advisory
http://secunia.com/advisories/19823Third Party Advisory

FAQ

What is CVE-2006-0749?

CVE-2006-0749 is a vulnerability with a CVSS score of 9.3 (HIGH). nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of servi...

How severe is CVE-2006-0749?

CVE-2006-0749 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-0749?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Mozilla Thunderbird.