CVE-2006-6506 - OpenCVE

The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/23282
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23614
http://secunia.com/advisories/23672
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://securitytracker.com/id?1017421
http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215
http://www.mozilla.org/security/announce/2006/mfsa2006-75.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.securityfocus.com/bid/21668
http://www.ubuntu.com/usn/usn-398-1
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2008/0083

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-12-20T01:00:00

Updated: 2024-08-07T20:26:46.642Z

Reserved: 2006-12-13T00:00:00

Link: CVE-2006-6506

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-20T01:28:00.000

Modified: 2011-03-08T02:46:10.313

Link: CVE-2006-6506

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "The \"Feed Preview\" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-12-22T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "21668", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21668"}, {"name": "23672", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23672"}, {"name": "ADV-2006-5068", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"name": "23282", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23282"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "23614", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23614"}, {"name": "USN-398-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"name": "ADV-2008-0083", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"tags": ["x_refsource_MISC"], "url": "http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215"}, {"name": "SUSE-SA:2006:080", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"name": "23545", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23545"}, {"name": "TA06-354A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"name": "23589", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23589"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "SUSE-SA:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-75.html"}, {"name": "1017421", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017421"}, {"name": "GLSA-200701-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2006-6506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"Feed Preview\" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21668", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21668"}, {"name": "23672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23672"}, {"name": "ADV-2006-5068", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"name": "23282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23282"}, {"name": "HPSBUX02153", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "23614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23614"}, {"name": "USN-398-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"name": "ADV-2008-0083", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"name": "http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215", "refsource": "MISC", "url": "http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215"}, {"name": "SUSE-SA:2006:080", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"name": "23545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23545"}, {"name": "TA06-354A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"name": "23589", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23589"}, {"name": "SSRT061181", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "SUSE-SA:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-75.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-75.html"}, {"name": "1017421", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017421"}, {"name": "GLSA-200701-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.642Z"}, "title": "CVE Program Container", "references": [{"name": "21668", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21668"}, {"name": "23672", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23672"}, {"name": "ADV-2006-5068", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"name": "23282", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23282"}, {"name": "HPSBUX02153", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "23614", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23614"}, {"name": "USN-398-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"name": "ADV-2008-0083", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0083"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215"}, {"name": "SUSE-SA:2006:080", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"name": "23545", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23545"}, {"name": "TA06-354A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"name": "23589", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23589"}, {"name": "SSRT061181", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"name": "SUSE-SA:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-75.html"}, {"name": "1017421", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017421"}, {"name": "GLSA-200701-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6506", "datePublished": "2006-12-20T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.642Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"Feed Preview\" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits."}, {"lang": "es", "value": "La caracter\u00edstica \"Feed Preview\" en Mozilla Firefox 2.0 anterior a 2.0.0.1 env\u00eda la URL del feed en la petici\u00f3n de iconos favicon.ico, lo cual implica una debilidad en la privacidad que puede permitir a los servicios que muestran feeds determinar h\u00e1bitos de navegaci\u00f3n."}], "id": "CVE-2006-6506", "lastModified": "2011-03-08T02:46:10.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-12-20T01:28:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23282"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23545"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23589"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23614"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23672"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017421"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.legroom.net/modules.php?op=modload&name=News&file=article&sid=215"}, {"source": "secalert@redhat.com", "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-75.html"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/21668"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-398-1"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/5068"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/0083"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}