CVE-2006-6504 - Vulnerability Details

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Mozilla	Firefox Seamonkey
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.7-0.1.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0759	2006-12-19T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.7-0.1.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0759	2006-12-19T00:00:00Z
Red Hat Enterprise Linux 4
firefox-0:1.5.0.9-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0758	2006-12-19T00:00:00Z
devhelp-0:0.10-0.6.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0759	2006-12-19T00:00:00Z
seamonkey-0:1.0.7-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0759	2006-12-19T00:00:00Z
thunderbird-0:1.5.0.9-0.1.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0760	2006-12-19T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
http://fedoranews.org/cms/node/2297
http://fedoranews.org/cms/node/2338
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://rhn.redhat.com/errata/RHSA-2006-0758.html
http://rhn.redhat.com/errata/RHSA-2006-0759.html
http://rhn.redhat.com/errata/RHSA-2006-0760.html
http://secunia.com/advisories/23282
http://secunia.com/advisories/23422
http://secunia.com/advisories/23433
http://secunia.com/advisories/23439
http://secunia.com/advisories/23440
http://secunia.com/advisories/23468
http://secunia.com/advisories/23514
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23601
http://secunia.com/advisories/23614
http://secunia.com/advisories/23618
http://secunia.com/advisories/23672
http://secunia.com/advisories/23692
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://securitytracker.com/id?1017417
http://securitytracker.com/id?1017418
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
http://www.kb.cert.org/vuls/id/928956
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
http://www.mozilla.org/security/announce/2006/mfsa2006-73.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.securityfocus.com/archive/1/454939/100/0/threaded
http://www.securityfocus.com/archive/1/455145/100/0/threaded
http://www.securityfocus.com/archive/1/455728/100/200/threaded
http://www.securityfocus.com/bid/21668
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2008/0083
http://www.zerodayinitiative.com/advisories/ZDI-06-051.html
https://issues.rpath.com/browse/RPL-883
https://nvd.nist.gov/vuln/detail/CVE-2006-6504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077
https://www.cve.org/CVERecord?id=CVE-2006-6504

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-12-20T01:00:00

Updated: 2024-08-07T20:26:46.543Z

Reserved: 2006-12-13T00:00:00

Link: CVE-2006-6504

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-20T01:28:00.000

Modified: 2024-11-21T00:22:50.623

Link: CVE-2006-6504

Redhat

Severity : Critical

Publid Date: 2006-12-19T19:00:00Z

Links: CVE-2006-6504 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "21668", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21668"}, {"name": "23433", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23433"}, {"name": "MDKSA-2007:010", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010"}, {"name": "23439", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23439"}, {"name": "23672", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23672"}, {"name": "ADV-2006-5068", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"name": "23468", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23468"}, {"name": "RHSA-2006:0758", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"}, {"name": "1017417", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017417"}, {"name": "23692", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23692"}, {"name": "USN-398-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-398-2"}, {"name": "GLSA-200701-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"}, {"name": "23282", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23282"}, {"name": "FEDORA-2006-1491", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2297"}, {"name": "23422", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23422"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html"}, {"name": "23614", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23614"}, {"name": "RHSA-2006:0759", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"}, {"name": "oval:org.mitre.oval:def:11077", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077"}, {"name": "USN-398-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html"}, {"name": "ADV-2008-0083", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"name": "FEDORA-2007-004", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2338"}, {"name": "20061202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"}, {"name": "23440", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23440"}, {"name": "SUSE-SA:2006:080", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"name": "20061222 rPSA-2006-0234-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"}, {"name": "23545", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23545"}, {"name": "23618", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23618"}, {"name": "1017418", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017418"}, {"name": "TA06-354A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"name": "20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/454939/100/0/threaded"}, {"name": "23589", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23589"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "VU#928956", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/928956"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-883"}, {"name": "20070102 rPSA-2006-0234-2 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"}, {"name": "SUSE-SA:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"name": "23601", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23601"}, {"name": "23514", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23514"}, {"name": "GLSA-200701-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}, {"name": "RHSA-2006:0760", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.543Z"}, "title": "CVE Program Container", "references": [{"name": "21668", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21668"}, {"name": "23433", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23433"}, {"name": "MDKSA-2007:010", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010"}, {"name": "23439", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23439"}, {"name": "23672", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23672"}, {"name": "ADV-2006-5068", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"name": "23468", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23468"}, {"name": "RHSA-2006:0758", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"}, {"name": "1017417", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017417"}, {"name": "23692", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23692"}, {"name": "USN-398-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-398-2"}, {"name": "GLSA-200701-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"}, {"name": "23282", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23282"}, {"name": "FEDORA-2006-1491", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2297"}, {"name": "23422", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23422"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html"}, {"name": "23614", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23614"}, {"name": "RHSA-2006:0759", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"}, {"name": "oval:org.mitre.oval:def:11077", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077"}, {"name": "USN-398-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html"}, {"name": "ADV-2008-0083", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"name": "FEDORA-2007-004", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2338"}, {"name": "20061202-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"}, {"name": "23440", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23440"}, {"name": "SUSE-SA:2006:080", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"name": "20061222 rPSA-2006-0234-1 firefox", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"}, {"name": "23545", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23545"}, {"name": "23618", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23618"}, {"name": "1017418", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017418"}, {"name": "TA06-354A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"name": "20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/454939/100/0/threaded"}, {"name": "23589", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23589"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "VU#928956", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/928956"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-883"}, {"name": "20070102 rPSA-2006-0234-2 firefox thunderbird", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"}, {"name": "SUSE-SA:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"name": "23601", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23601"}, {"name": "23514", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23514"}, {"name": "GLSA-200701-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}, {"name": "RHSA-2006:0760", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6504", "datePublished": "2006-12-20T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3FAAB80-9C12-47E9-BE5A-7763004F7A7D", "versionEndExcluding": "1.5.0.9", "versionStartIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "C911462E-7F1B-4C32-82FB-40816E7B4592", "versionEndExcluding": "2.0.0.1", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD3C5C83-4F57-4D3A-A872-4F5BE7CD634B", "versionEndExcluding": "1.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption."}, {"lang": "es", "value": "Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a\u00f1adiendo un nodo DOM con un comentario SVG a otro tipo de documento, lo cual desemboca en una corrupci\u00f3n de memoria."}], "id": "CVE-2006-6504", "lastModified": "2024-11-21T00:22:50.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-12-20T01:28:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2297"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2338"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23282"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23422"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23433"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23439"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23440"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23468"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23514"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23545"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23589"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23601"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23614"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23618"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23672"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23692"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017417"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017418"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/928956"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/454939/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21668"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-398-2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-883"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fedoranews.org/cms/node/2338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23433"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23439"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23618"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/23692"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/928956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-73.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/454939/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-398-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-051.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2006:0759", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "seamonkey-0:1.0.7-0.1.el2", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2006-12-19T00:00:00Z"}, {"advisory": "RHSA-2006:0759", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "seamonkey-0:1.0.7-0.1.el3", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2006-12-19T00:00:00Z"}, {"advisory": "RHSA-2006:0758", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "firefox-0:1.5.0.9-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-12-19T00:00:00Z"}, {"advisory": "RHSA-2006:0759", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "devhelp-0:0.10-0.6.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-12-19T00:00:00Z"}, {"advisory": "RHSA-2006:0759", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "seamonkey-0:1.0.7-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-12-19T00:00:00Z"}, {"advisory": "RHSA-2006:0760", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "thunderbird-0:1.5.0.9-0.1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-12-19T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618248"}, "csaw": false, "details": ["Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption."], "name": "CVE-2006-6504", "public_date": "2006-12-19T19:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-6504\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-6504"], "threat_severity": "Critical"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object