Vulnerability Details : CVE-2006-1742
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
Vulnerability category: Memory Corruption
Products affected by CVE-2006-1742
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1742
7.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1742
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-1742
-
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593)
-
http://www.novell.com/linux/security/advisories/2006_04_25.html
404 Page Not Found | SUSE
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/25807
Multiple Mozilla products garbage-collection temp variable memory corruption CVE-2006-1742 Vulnerability Report
-
https://usn.ubuntu.com/271-1/
404: Page not found | Ubuntu
-
http://www.redhat.com/support/errata/RHSA-2006-0330.html
Support
-
http://www.debian.org/security/2006/dsa-1051
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
-
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
JavaScript garbage-collection hazard audit — Mozilla
-
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
[SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5
-
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Mozilla Firefox: Multiple vulnerabilities (GLSA 200604-12) — Gentoo security
-
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
[SECURITY] Fedora Core 4 Update: firefox-1.0.8-1.1.fc4
-
http://www.redhat.com/support/errata/RHSA-2006-0329.html
Support
-
http://www.securityfocus.com/archive/1/438730/100/0/threaded
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1087
404 Not Found
-
http://www.kb.cert.org/vuls/id/492382
VU#492382 - Mozilla products JavaScript engine fail to properly handle garbage-collectionUS Government Resource
-
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200605-09) — Gentoo security
-
http://www.vupen.com/english/advisories/2006/1356
Site en construction
-
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
Mandriva
-
http://www.securityfocus.com/archive/1/436296/100/0/threaded
-
http://www.debian.org/security/2006/dsa-1046
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities
-
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
Object not found!
-
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
-
https://usn.ubuntu.com/276-1/
404: Page not found | Ubuntu
-
http://www.securityfocus.com/archive/1/436338/100/0/threaded
-
https://usn.ubuntu.com/275-1/
404: Page not found | Ubuntu
-
http://www.redhat.com/support/errata/RHSA-2006-0328.html
Support
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
Mandriva
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11808
404 Not Found
-
http://www.debian.org/security/2006/dsa-1044
[SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
-
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Mozilla Suite: Multiple vulnerabilities (GLSA 200604-18) — Gentoo security
Jump to