Vulnerability Details : CVE-2006-4565
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2006-4565
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4565
EPSS score: 3.04% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-4565
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2006-4565
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-4565
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
- http://www.securityfocus.com/archive/1/446140/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2006-0677.html (Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/usn-354-1
- http://www.redhat.com/support/errata/RHSA-2006-0676.html (Patch; Vendor Advisory)
- http://securitytracker.com/id?1016848
- http://www.ubuntu.com/usn/usn-361-1 (USN-361-1: Mozilla vulnerabilities | Ubuntu security notices | Ubuntu)
- http://securitytracker.com/id?1016846
- http://www.vupen.com/english/advisories/2008/0083
- http://www.ubuntu.com/usn/usn-351-1 (USN-351-1: firefox vulnerabilities | Ubuntu security notices | Ubuntu)
- http://security.gentoo.org/glsa/glsa-200610-04.xml (Seamonkey: Multiple vulnerabilities (GLSA 200610-04) — Gentoo security)
- http://www.redhat.com/support/errata/RHSA-2006-0675.html
- http://securitytracker.com/id?1016847
- http://www.ubuntu.com/usn/usn-350-1 (USN-350-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu)
- http://security.gentoo.org/glsa/glsa-200609-19.xml (Mozilla Firefox: Multiple vulnerabilities (GLSA 200609-19) — Gentoo security)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 (Mandriva)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421
- http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 (Mandriva)
- http://www.debian.org/security/2006/dsa-1192 ([SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities)
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- https://issues.rpath.com/browse/RPL-640
- http://www.securityfocus.com/bid/20042
- http://security.gentoo.org/glsa/glsa-200610-01.xml (Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200610-01) — Gentoo security)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28955 (Mozilla Firefox, Thunderbird, and SeaMonkey JavaScript expression buffer overflow CVE-2006-4565 Vulnerability Report)
- http://www.us.debian.org/security/2006/dsa-1191
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/3617
- http://www.mozilla.org/security/announce/2006/mfsa2006-57.html (JavaScript Regular Expression Heap Corruption — Mozilla; Vendor Advisory)
- http://www.debian.org/security/2006/dsa-1210 (Debian -- The Universal Operating System)
- http://www.vupen.com/english/advisories/2007/1198
- http://www.ubuntu.com/usn/usn-352-1 (USN-352-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu)
- http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm (ASA-2006-224 (RHSA-2006-0675))