Vulnerability Description
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Seamonkey | <= 1.0.6 |
| Mozilla | Thunderbird | <= 1.5.0.8 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
- http://fedoranews.org/cms/node/2297
- http://fedoranews.org/cms/node/2338
- http://rhn.redhat.com/errata/RHSA-2006-0759.html
- http://rhn.redhat.com/errata/RHSA-2006-0760.html
- http://secunia.com/advisories/23420
- http://secunia.com/advisories/23422
- http://secunia.com/advisories/23433
- http://secunia.com/advisories/23439
- http://secunia.com/advisories/23468
- http://secunia.com/advisories/23514
- http://secunia.com/advisories/23545
- http://secunia.com/advisories/23591
- http://secunia.com/advisories/23598
- http://secunia.com/advisories/23601
FAQ
What is CVE-2006-6505?
CVE-2006-6505 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content...
How severe is CVE-2006-6505?
CVE-2006-6505 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6505?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Seamonkey, Mozilla Thunderbird.