Vulnerability Description
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Thunderbird | 0.6 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
- http://secunia.com/advisories/20376PatchVendor Advisory
- http://secunia.com/advisories/20382PatchVendor Advisory
- http://secunia.com/advisories/20561PatchVendor Advisory
- http://secunia.com/advisories/20709
- http://secunia.com/advisories/21134Vendor Advisory
- http://secunia.com/advisories/21176Vendor Advisory
- http://secunia.com/advisories/21178Vendor Advisory
- http://secunia.com/advisories/21183Vendor Advisory
- http://secunia.com/advisories/21188Vendor Advisory
- http://secunia.com/advisories/21210Vendor Advisory
- http://secunia.com/advisories/21269Vendor Advisory
- http://secunia.com/advisories/21270Vendor Advisory
- http://secunia.com/advisories/21324Vendor Advisory
- http://secunia.com/advisories/21336Vendor Advisory
FAQ
What is CVE-2006-2779?
CVE-2006-2779 is a vulnerability with a CVSS score of 9.3 (HIGH). Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNo...
How severe is CVE-2006-2779?
CVE-2006-2779 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2779?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.