Vulnerability Details : CVE-2006-4310
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2006-4310
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4310
6.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4310
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2006-4310
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-4310
-
Red Hat 2006-09-21Red Hat does not consider this flaw a security issue. This flaw is the result of a NULL pointer dereference, which is not exploitable and can only cause a client crash.
References for CVE-2006-4310
-
http://www.debian.org/security/2006/dsa-1224
[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities
-
http://www.securityfocus.com/archive/1/444064/100/0/threaded
-
http://www.debian.org/security/2006/dsa-1225
[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities
-
http://www.debian.org/security/2006/dsa-1227
[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities
-
http://www.securityfocus.com/bid/19678
-
http://securityreason.com/securityalert/1444
(exploit) firefox 1.5.0.6 linux DoS - CXSecurity.com
Jump to