CVE-2006-6501 - Vulnerability Details

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.26235.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical Subscribe	Ubuntu Linux Subscribe
Debian Subscribe	Debian Linux Subscribe
Mozilla Subscribe	Firefox Subscribe Seamonkey Subscribe Thunderbird Subscribe
Redhat Subscribe	Enterprise Linux Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.7-0.1.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0759	2006-12-19T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.7-0.1.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0759	2006-12-19T00:00:00Z
Red Hat Enterprise Linux 4
firefox-0:1.5.0.9-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0758	2006-12-19T00:00:00Z
devhelp-0:0.10-0.6.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0759	2006-12-19T00:00:00Z
seamonkey-0:1.0.7-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0759	2006-12-19T00:00:00Z
thunderbird-0:1.5.0.9-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0760	2006-12-19T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-1253-1	New Mozilla Firefox packages fix several vulnerabilities
Debian DSA	DSA-1258-1	New Mozilla Firefox packages fix several vulnerabilities
Debian DSA	DSA-1265-1	New Mozilla packages fix several vulnerabilities
Ubuntu USN	USN-398-1	Firefox vulnerabilities
Ubuntu USN	USN-398-2	Firefox vulnerabilities
Ubuntu USN	USN-400-1	Thunderbird vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
http://fedoranews.org/cms/node/2297
http://fedoranews.org/cms/node/2338
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://rhn.redhat.com/errata/RHSA-2006-0758.html
http://rhn.redhat.com/errata/RHSA-2006-0759.html
http://rhn.redhat.com/errata/RHSA-2006-0760.html
http://secunia.com/advisories/23282
http://secunia.com/advisories/23420
http://secunia.com/advisories/23422
http://secunia.com/advisories/23433
http://secunia.com/advisories/23439
http://secunia.com/advisories/23440
http://secunia.com/advisories/23468
http://secunia.com/advisories/23514
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23591
http://secunia.com/advisories/23598
http://secunia.com/advisories/23601
http://secunia.com/advisories/23614
http://secunia.com/advisories/23618
http://secunia.com/advisories/23672
http://secunia.com/advisories/23692
http://secunia.com/advisories/23988
http://secunia.com/advisories/24078
http://secunia.com/advisories/24390
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://securitytracker.com/id?1017403
http://securitytracker.com/id?1017404
http://securitytracker.com/id?1017407
http://www.debian.org/security/2007/dsa-1253
http://www.debian.org/security/2007/dsa-1258
http://www.debian.org/security/2007/dsa-1265
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
http://www.kb.cert.org/vuls/id/263412
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.securityfocus.com/archive/1/455145/100/0/threaded
http://www.securityfocus.com/archive/1/455728/100/200/threaded
http://www.securityfocus.com/bid/21668
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.ubuntu.com/usn/usn-400-1
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2008/0083
https://issues.rpath.com/browse/RPL-883
https://nvd.nist.gov/vuln/detail/CVE-2006-6501
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746
https://www.cve.org/CVERecord?id=CVE-2006-6501

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-12-20T01:00:00

Updated: 2024-08-07T20:26:46.562Z

Reserved: 2006-12-13T00:00:00

Link: CVE-2006-6501

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-20T01:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6501

Redhat

Severity : Critical

Publid Date: 2006-12-19T19:00:00Z

Links: CVE-2006-6501 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object