Vulnerabilities > CVE-2006-6499 - Infinite Loop vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mozilla
debian
canonical
CWE-835
nessus
NVD
Published: 2006-12-20
Updated: 2023-12-22

Summary

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Vulnerable Configurations

Part Description Count
Application
Mozilla
52
OS
Debian
2
OS
Canonical
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_120671.NASL
    descriptionMozilla 1.7 for Solaris 8 and 9. Date this patch was last updated by Sun : Aug/29/08
    last seen2020-06-01
    modified2020-06-02
    plugin id24403
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24403
    titleSolaris 9 (sparc) : 120671-08
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(24403);
  script_version("1.26");
  script_cvs_date("Date: 2019/10/25 13:36:25");

  script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0293", "CVE-2006-0294", "CVE-2006-0295", "CVE-2006-0296", "CVE-2006-0297", "CVE-2006-0298", "CVE-2006-0299", "CVE-2006-0748", "CVE-2006-0749", "CVE-2006-0884", "CVE-2006-1529", "CVE-2006-1530", "CVE-2006-1531", "CVE-2006-1723", "CVE-2006-1724", "CVE-2006-1725", "CVE-2006-1726", "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1729", "CVE-2006-1730", "CVE-2006-1731", "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1736", "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1742", "CVE-2006-1790", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-5463", "CVE-2006-6498", "CVE-2006-6499");

  script_name(english:"Solaris 9 (sparc) : 120671-08");
  script_summary(english:"Check for patch 120671-08");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote host is missing Sun Security Patch number 120671-08"
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla 1.7 for Solaris 8 and 9.
Date this patch was last updated by Sun : Aug/29/08"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/120671-08"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Firefox location.QueryInterface() Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 79, 94, 119, 189, 264, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/08/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120671-08", obsoleted_by:"", package:"SUNWmoznav", version:"1.7,REV=10.2005.12.08") < 0) flag++;
if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120671-08", obsoleted_by:"", package:"SUNWmozmail", version:"1.7,REV=10.2005.12.08") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
  else security_hole(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-398-4.NASL
    descriptionUSN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem. We apologize for the inconvenience. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id27986
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27986
    titleUbuntu 5.10 / 6.06 LTS : firefox regression (USN-398-4)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_120672.NASL
    descriptionMozilla 1.7_x86 for Solaris 8 and 9. Date this patch was last updated by Sun : Sep/02/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23773
    published2006-12-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23773
    titleSolaris 9 (x86) : 120672-08
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_120672.NASL
    descriptionMozilla 1.7_x86 for Solaris 8 and 9. Date this patch was last updated by Sun : Sep/02/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23772
    published2006-12-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23772
    titleSolaris 8 (x86) : 120672-08
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200701-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200701-04 (SeaMonkey: Multiple vulnerabilities) An anonymous researcher found evidence of memory corruption in the way SeaMonkey handles certain types of SVG comment DOM nodes. Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long
    last seen2020-06-01
    modified2020-06-02
    plugin id24008
    published2007-01-11
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24008
    titleGLSA-200701-04 : SeaMonkey: Multiple vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200701-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200701-02 (Mozilla Firefox: Multiple vulnerabilities) An anonymous researcher found evidence of memory corruption in the way Mozilla Firefox handles certain types of SVG comment DOM nodes. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Other issues with memory corruption were also fixed. Mozilla Firefox also contains less severe vulnerabilities involving JavaScript and Java. Impact : An attacker could entice a user to view a specially crafted web page that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code. It is also possible for an attacker to perform cross-site scripting attacks, leading to the exposure of sensitive information, like user credentials. Workaround : There are no known workarounds for all the issues at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id23991
    published2007-01-08
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23991
    titleGLSA-200701-02 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-2421.NASL
    descriptionThis security update brings Mozilla Thunderbird to version 1.5.0.9. http://www.mozilla.org/projects/security/known-vulnerabilities.html It includes fixes to the following security problems: CVE-2006-6497/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the layout engine. CVE-2006-6498/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the JavaScript engine. CVE-2006-6499/MFSA2006-68: Crashes regarding floating point usage were fixed. CVE-2006-6500/MFSA2006-69: This issue only affects Windows systems, Linux is not affected. CVE-2006-6501/MFSA2006-70: A privilege escalation using a watch point was fixed. CVE-2006-6502/MFSA2006-71: A LiveConnect crash finalizing JS objects was fixed. CVE-2006-6503/MFSA2006-72: A XSS problem caused by setting img.src to javascript: URI was fixed. CVE-2006-6504/MFSA2006-73: A Mozilla SVG Processing Remote Code Execution was fixed. CVE-2006-6505/MFSA2006-74: Some Mail header processing heap overflows were fixed. CVE-2006-6506/MFSA2006-75: The RSS Feed-preview referrer leak was fixed. CVE-2006-6507/MFSA2006-76: A XSS problem using outer window
    last seen2020-06-01
    modified2020-06-02
    plugin id27128
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27128
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2421)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-398-1.NASL
    descriptionVarious flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id27984
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27984
    titleUbuntu 6.10 : firefox vulnerabilities (USN-398-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-2423.NASL
    descriptionThis update brings MozillaFirefox to the security update release 1.5.0.9, including the following security fixes. http://www.mozilla.org/projects/security/known-vulnerabilities.html - Crashes with evidence of memory corruption were fixed in the layout engine. CVE-2006-6498 / MFSA 2006-68: Crashes with evidence of memory corruption were fixed in the JavaScript engine. CVE-2006-6499 / MFSA 2006-68: Crashes regarding floating point usage were fixed. CVE-2006-6500 / MFSA 2006-69: This issue only affects Windows systems, Linux is not affected. CVE-2006-6501 / MFSA 2006-70: A privilege escalation using a watch point was fixed. CVE-2006-6502 / MFSA 2006-71: A LiveConnect crash finalizing JS objects was fixed. CVE-2006-6503 / MFSA 2006-72: A XSS problem caused by setting img.src to javascript: URI was fixed. CVE-2006-6504 / MFSA 2006-73: A Mozilla SVG Processing Remote Code Execution was fixed. CVE-2006-6505 / MFSA 2006-74: Some Mail header processing heap overflows were fixed. CVE-2006-6506 / MFSA 2006-75: The RSS Feed-preview referrer leak was fixed. CVE-2006-6507 / MFSA 2006-76: A XSS problem using outer window
    last seen2020-06-01
    modified2020-06-02
    plugin id29358
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29358
    titleSuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 2423)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119116.NASL
    descriptionMozilla 1.7_x86 patch. Date this patch was last updated by Sun : Aug/05/09 This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22987
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22987
    titleSolaris 10 (x86) : 119116-35 (deprecated)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1253.NASL
    descriptionSeveral security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-6497 Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] - CVE-2006-6498 Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] - CVE-2006-6499 A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] - CVE-2006-6501
    last seen2020-06-01
    modified2020-06-02
    plugin id24292
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24292
    titleDebian DSA-1253-1 : mozilla-firefox - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-400-1.NASL
    descriptionGeorgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. (CVE-2006-6506) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27988
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27988
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-400-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-398-2.NASL
    descriptionUSN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox
    last seen2020-06-01
    modified2020-06-02
    plugin id27985
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27985
    titleUbuntu 5.10 / 6.06 LTS : firefox vulnerabilities (USN-398-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1258.NASL
    descriptionSeveral security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-6497 Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] - CVE-2006-6498 Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] - CVE-2006-6499 A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] - CVE-2006-6501
    last seen2020-06-01
    modified2020-06-02
    plugin id24297
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24297
    titleDebian DSA-1258-1 : mozilla-thunderbird - several vulnerabilities
  • NASL familyWindows
    NASL idSEAMONKEY_107.NASL
    descriptionThe installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id23928
    published2006-12-20
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23928
    titleSeaMonkey < 1.0.7 Multiple Vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_120671.NASL
    descriptionMozilla 1.7 for Solaris 8 and 9. Date this patch was last updated by Sun : Aug/29/08
    last seen2020-06-01
    modified2020-06-02
    plugin id24395
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24395
    titleSolaris 8 (sparc) : 120671-08
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119115.NASL
    descriptionMozilla 1.7 patch. Date this patch was last updated by Sun : Sep/13/14 This plugin has been deprecated and either replaced with individual 119115 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22954
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22954
    titleSolaris 10 (sparc) : 119115-36 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-2432.NASL
    descriptionThis security update brings Mozilla SeaMonkey to version 1.0.7. http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: CVE-2006-6497/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the layout engine. CVE-2006-6498/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the JavaScript engine. CVE-2006-6499/MFSA2006-68: Crashes regarding floating point usage were fixed. CVE-2006-6500/MFSA2006-69: This issue only affects Windows systems, Linux is not affected. CVE-2006-6501/MFSA2006-70: A privilege escalation using a watch point was fixed. CVE-2006-6502/MFSA2006-71: A LiveConnect crash finalizing JS objects was fixed. CVE-2006-6503/MFSA2006-72: A XSS problem caused by setting img.src to javascript: URI was fixed. CVE-2006-6504/MFSA2006-73: A Mozilla SVG Processing Remote Code Execution was fixed. CVE-2006-6505/MFSA2006-74: Some Mail header processing heap overflows were fixed. CVE-2006-6506/MFSA2006-75: The RSS Feed-preview referrer leak was fixed. CVE-2006-6507/MFSA2006-76: A XSS problem using outer window
    last seen2020-06-01
    modified2020-06-02
    plugin id27438
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27438
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-2432)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1509.NASL
    descriptionThe installed version of Firefox is affected by various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id23930
    published2006-12-20
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23930
    titleFirefox < 1.5.0.9 / 2.0.0.1 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-2418.NASL
    descriptionThis update brings MozillaFirefox to the security update release 1.5.0.9 (2.0.0.1 for openSUSE 10.2) and includes the following security fixes : http://www.mozilla.org/projects/security/known-vulnerabilities.html CVE-2006-6497/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the layout engine. CVE-2006-6498/MFSA2006-68: Crashes with evidence of memory corruption were fixed in the JavaScript engine. CVE-2006-6499/MFSA2006-68: Crashes regarding floating point usage were fixed. CVE-2006-6500/MFSA2006-69: This issue only affects Windows systems, Linux is not affected. CVE-2006-6501/MFSA2006-70: A privilege escalation using a watch point was fixed. CVE-2006-6502/MFSA2006-71: A LiveConnect crash finalizing JS objects was fixed. CVE-2006-6503/MFSA2006-72: A XSS problem caused by setting img.src to javascript: URI was fixed. CVE-2006-6504/MFSA2006-73: A Mozilla SVG Processing Remote Code Execution was fixed. CVE-2006-6505/MFSA2006-74: Some Mail header processing heap overflows were fixed. CVE-2006-6506/MFSA2006-75: The RSS Feed-preview referrer leak was fixed. CVE-2006-6507/MFSA2006-76: A XSS problem using outer window
    last seen2020-06-01
    modified2020-06-02
    plugin id27117
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27117
    titleopenSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2418)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1509.NASL
    descriptionThe remote version of Mozilla Thunderbird suffers from various security issues, at least one of which could lead to execution of arbitrary code on the affected host.
    last seen2020-06-01
    modified2020-06-02
    plugin id23929
    published2006-12-20
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23929
    titleMozilla Thunderbird < 1.5.0.9 Multiple Vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1265.NASL
    descriptionSeveral security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-6497 Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] - CVE-2006-6498 Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68] - CVE-2006-6499 A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68] - CVE-2006-6501
    last seen2020-06-01
    modified2020-06-02
    plugin id24794
    published2007-03-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24794
    titleDebian DSA-1265-1 : mozilla - several vulnerabilities

References