CVE-2006-1730 : Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

Published 2006-04-14 10:02:00

Updated 2025-04-03 01:03:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2006-1730

Mozilla » Firefox » Version: 1.0
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.1
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.1
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.2
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.3
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.4
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.5
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.6
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5 Update Beta1
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5 Update Beta2
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.0.7
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.1
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.2
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.3
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.4
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.5 Update Beta
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.7
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5 Update Beta2
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.5
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.6
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.1
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla Suite » Version: 1.7.7
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla Suite » Version: 1.7.8
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla Suite » Version: 1.7.10
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla Suite » Version: 1.7.6
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla Suite » Version: 1.7.11
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Mozilla Suite » Version: 1.7.12
cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Alpha Edition
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-1730

EPSS FAQ

26.48%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-1730

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2006-1730

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-1730

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593)

CVEs referencing this url
http://www.securityfocus.com/archive/1/434524/100/0/threaded

CVEs referencing this url
http://securityreason.com/securityalert/720

Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability - CXSecurity.com
http://secunia.com/advisories/19821

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/19759

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/19862

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/431060/100/0/threaded
http://www.novell.com/linux/security/advisories/2006_04_25.html

404 Page Not Found | SUSE

CVEs referencing this url
http://securitytracker.com/id?1015915

Access Denied
Patch
http://www.kb.cert.org/vuls/id/179014

VU#179014 - Mozilla CSS integer overflow vulnerability
Third Party Advisory;US Government Resource
http://secunia.com/advisories/19811

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/19823

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
https://usn.ubuntu.com/271-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3749

Site en construction

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2006-0330.html

Support
Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0083

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://securitytracker.com/id?1015916

Access Denied
Patch
http://www.debian.org/security/2006/dsa-1051

[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/19631

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/19729

About Secunia Research | Flexera

CVEs referencing this url
http://securitytracker.com/id?1015917

Access Denied
Patch
http://secunia.com/advisories/22066

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/19852

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/21033

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html

CSS Letter-Spacing Heap Overflow Vulnerability — Mozilla
Vendor Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

[SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5

CVEs referencing this url
http://secunia.com/advisories/19714

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/19794

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

Mozilla Firefox: Multiple vulnerabilities (GLSA 200604-12) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/19863

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

[SECURITY] Fedora Core 4 Update: firefox-1.0.8-1.1.fc4

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2006-0329.html

Support
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/438730/100/0/threaded

CVEs referencing this url
http://secunia.com/advisories/19696

About Secunia Research | Flexera

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

Mandriva

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html

ZDI-06-010 | Zero Day Initiative
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1614

404 Not Found
http://secunia.com/advisories/22065

About Secunia Research | Flexera

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200605-09) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/19746

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/1356

Site en construction

CVEs referencing this url
http://secunia.com/advisories/19950

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

Mandriva

CVEs referencing this url
http://secunia.com/advisories/19941

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1015918

Access Denied
Patch
http://www.securityfocus.com/archive/1/436296/100/0/threaded

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10055

404 Not Found
http://www.us-cert.gov/cas/techalerts/TA06-107A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://secunia.com/advisories/20051

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/19649

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1046

[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities

CVEs referencing this url
http://secunia.com/advisories/19721

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/21622

About Secunia Research | Flexera

CVEs referencing this url
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

Object not found!

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3748

Site en construction

CVEs referencing this url
http://secunia.com/advisories/19780

About Secunia Research | Flexera

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/25826

Multiple Mozilla products CSS letter-spacing element integer overflow CVE-2006-1730 Vulnerability Report
https://usn.ubuntu.com/276-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://www.securityfocus.com/bid/17516

CVEs referencing this url
http://www.securityfocus.com/archive/1/436338/100/0/threaded

CVEs referencing this url
http://www.securityfocus.com/archive/1/446657/100/200/threaded

CVEs referencing this url
https://usn.ubuntu.com/275-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3391

Site en construction

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2006-0328.html

Support
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/19902

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

Mandriva

CVEs referencing this url
http://www.securityfocus.com/archive/1/446658/100/200/threaded

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1044

[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

Mozilla Suite: Multiple vulnerabilities (GLSA 200604-18) — Gentoo security

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-1730

Products affected by CVE-2006-1730

Exploit prediction scoring system (EPSS) score for CVE-2006-1730

CVSS scores for CVE-2006-1730

CWE ids for CVE-2006-1730

References for CVE-2006-1730