CVE-2006-6503 - Vulnerability Details

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.10286.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Mozilla	Firefox Seamonkey Thunderbird
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.7-0.1.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0759	2006-12-19T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.7-0.1.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0759	2006-12-19T00:00:00Z
Red Hat Enterprise Linux 4
firefox-0:1.5.0.9-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0758	2006-12-19T00:00:00Z
devhelp-0:0.10-0.6.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0759	2006-12-19T00:00:00Z
seamonkey-0:1.0.7-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0759	2006-12-19T00:00:00Z
thunderbird-0:1.5.0.9-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0760	2006-12-19T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-1253-1	New Mozilla Firefox packages fix several vulnerabilities
Debian DSA	DSA-1258-1	New Mozilla Firefox packages fix several vulnerabilities
Debian DSA	DSA-1265-1	New Mozilla packages fix several vulnerabilities
Ubuntu USN	USN-398-1	Firefox vulnerabilities
Ubuntu USN	USN-398-2	Firefox vulnerabilities
Ubuntu USN	USN-400-1	Thunderbird vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
http://fedoranews.org/cms/node/2297
http://fedoranews.org/cms/node/2338
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://rhn.redhat.com/errata/RHSA-2006-0758.html
http://rhn.redhat.com/errata/RHSA-2006-0759.html
http://rhn.redhat.com/errata/RHSA-2006-0760.html
http://secunia.com/advisories/23282
http://secunia.com/advisories/23420
http://secunia.com/advisories/23422
http://secunia.com/advisories/23433
http://secunia.com/advisories/23439
http://secunia.com/advisories/23440
http://secunia.com/advisories/23468
http://secunia.com/advisories/23514
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23591
http://secunia.com/advisories/23598
http://secunia.com/advisories/23601
http://secunia.com/advisories/23614
http://secunia.com/advisories/23618
http://secunia.com/advisories/23672
http://secunia.com/advisories/23692
http://secunia.com/advisories/23988
http://secunia.com/advisories/24078
http://secunia.com/advisories/24390
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://securitytracker.com/id?1017414
http://securitytracker.com/id?1017415
http://securitytracker.com/id?1017416
http://www.debian.org/security/2007/dsa-1253
http://www.debian.org/security/2007/dsa-1258
http://www.debian.org/security/2007/dsa-1265
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
http://www.kb.cert.org/vuls/id/405092
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
http://www.mozilla.org/security/announce/2006/mfsa2006-72.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.securityfocus.com/archive/1/455145/100/0/threaded
http://www.securityfocus.com/archive/1/455728/100/200/threaded
http://www.securityfocus.com/bid/21668
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.ubuntu.com/usn/usn-400-1
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2008/0083
https://issues.rpath.com/browse/RPL-883
https://nvd.nist.gov/vuln/detail/CVE-2006-6503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895
https://www.cve.org/CVERecord?id=CVE-2006-6503

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-12-20T01:00:00

Updated: 2024-08-07T20:26:46.588Z

Reserved: 2006-12-13T00:00:00

Link: CVE-2006-6503

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-20T01:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6503

Redhat

Severity : Moderate

Publid Date: 2006-12-19T19:00:00Z

Links: CVE-2006-6503 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object