Vulnerability Description
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 2.0.0.1 |
Related Weaknesses (CWE)
References
- http://sla.ckers.org/forum/read.php?13%2C2253
- https://bugzilla.mozilla.org/show_bug.cgi?id=356355Exploit
- http://sla.ckers.org/forum/read.php?13%2C2253
- https://bugzilla.mozilla.org/show_bug.cgi?id=356355Exploit
FAQ
What is CVE-2006-6971?
CVE-2006-6971 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) s...
How severe is CVE-2006-6971?
CVE-2006-6971 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6971?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.