CVE-2006-6500 — MEDIUM (6.8)

Q: How severe is CVE-2006-6500?

CVE-2006-6500 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-6500?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.9
Mozilla	Seamonkey	< 1.0.7
Mozilla	Thunderbird	< 1.5.0.9
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-119

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://secunia.com/advisories/23282Third Party Advisory
http://secunia.com/advisories/23420Third Party Advisory
http://secunia.com/advisories/23422Third Party Advisory
http://secunia.com/advisories/23545Third Party Advisory
http://secunia.com/advisories/23598Third Party Advisory
http://secunia.com/advisories/23614Third Party Advisory
http://secunia.com/advisories/23672Third Party Advisory
http://secunia.com/advisories/23692Third Party Advisory
http://security.gentoo.org/glsa/glsa-200701-02.xmlThird Party Advisory
http://securitytracker.com/id?1017399Third Party AdvisoryVDB Entry
http://securitytracker.com/id?1017400Third Party AdvisoryVDB Entry
http://securitytracker.com/id?1017401Third Party AdvisoryVDB Entry
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xmlThird Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xmlThird Party Advisory

FAQ

What is CVE-2006-6500?

CVE-2006-6500 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (cra...

How severe is CVE-2006-6500?

CVE-2006-6500 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6500?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux, Canonical Ubuntu Linux.