You are here

CVE-2006-2779

Vincent (CVE) Danen's picture
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

Details Source

Mitre

Public Date

2006-06-02 00:00:00

Impact

Critical

CVSS Status

draft

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 RHSA-2006:0609 2006-08-02
Red Hat Enterprise Linux 2.1 RHSA-2006:0594 2006-08-28
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2006:0611 2006-07-29
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2006:0578 2006-07-20
Red Hat Enterprise Linux 4 (firefox) RHSA-2006:0610 2006-07-28

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 4 seamonkey 1.0.3-0.el4.1 Fixed
Red Hat Enterprise Linux version 4 devhelp 0.10-0.2.el4 Fixed