Vulnerability Details : CVE-2006-6502
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2006-6502
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6502
17.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6502
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
References for CVE-2006-6502
-
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
SeaMonkey: Multiple vulnerabilities (GLSA 200701-04) — Gentoo security
-
http://secunia.com/advisories/23692
About Secunia Research | Flexera
-
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
404 Page Not Found | SUSE
-
http://secunia.com/advisories/23433
About Secunia Research | Flexera
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626
404 Not Found
-
http://secunia.com/advisories/23282
About Secunia Research | Flexera
-
http://secunia.com/advisories/24390
About Secunia Research | Flexera
-
http://secunia.com/advisories/23614
About Secunia Research | Flexera
-
http://www.debian.org/security/2007/dsa-1258
Debian -- Security Information -- DSA-1258-1 mozilla-thunderbird
-
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
Page Not Found | CISAUS Government Resource
-
http://fedoranews.org/cms/node/2297
404 Not Found
-
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
404 Page Not Found | SUSE
-
http://www.mozilla.org/security/announce/2006/mfsa2006-71.html
LiveConnect crash finalizing JS objects — MozillaVendor Advisory
-
http://secunia.com/advisories/23598
About Secunia Research | Flexera
-
http://secunia.com/advisories/23514
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2008/0083
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://secunia.com/advisories/24078
About Secunia Research | Flexera
-
http://secunia.com/advisories/23672
About Secunia Research | Flexera
-
http://securitytracker.com/id?1017411
Access Denied
-
http://secunia.com/advisories/23601
About Secunia Research | Flexera
-
http://secunia.com/advisories/23618
About Secunia Research | Flexera
-
http://secunia.com/advisories/23589
About Secunia Research | Flexera
-
http://www.securityfocus.com/archive/1/455145/100/0/threaded
-
http://secunia.com/advisories/23468
About Secunia Research | Flexera
-
http://secunia.com/advisories/23440
About Secunia Research | Flexera
-
http://rhn.redhat.com/errata/RHSA-2006-0759.html
RHSA-2006:0759 - Security Advisory - Red Hat Customer Portal
-
http://www.kb.cert.org/vuls/id/428500
VU#428500 - Mozilla LiveConnect vulnerable to crash finalizing JS objectsUS Government Resource
-
http://securitytracker.com/id?1017412
Access Denied
-
http://security.gentoo.org/glsa/glsa-200701-02.xml
Mozilla Firefox: Multiple vulnerabilities (GLSA 200701-02) — Gentoo security
-
http://www.debian.org/security/2007/dsa-1253
Debian -- Security Information -- DSA-1253-1 mozilla-firefox
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
Mandriva
-
https://issues.rpath.com/browse/RPL-883
-
http://www.ubuntu.com/usn/usn-398-1
USN-398-1: Firefox vulnerabilities | Ubuntu security notices | Ubuntu
-
http://secunia.com/advisories/23545
About Secunia Research | Flexera
-
http://rhn.redhat.com/errata/RHSA-2006-0758.html
RHSA-2006:0758 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2006-0760.html
RHSA-2006:0760 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/usn-400-1
USN-400-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.securityfocus.com/bid/21668
-
http://secunia.com/advisories/23422
About Secunia Research | Flexera
-
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200701-03) — Gentoo security
-
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
-
http://secunia.com/advisories/23988
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2006/5068
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://securitytracker.com/id?1017413
Access Denied
-
http://secunia.com/advisories/23591
About Secunia Research | Flexera
-
http://secunia.com/advisories/23420
About Secunia Research | Flexera
-
http://www.debian.org/security/2007/dsa-1265
Debian -- Security Information -- DSA-1265-1 mozilla
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
-
http://secunia.com/advisories/23439
About Secunia Research | Flexera
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
Mandriva
-
http://www.ubuntu.com/usn/usn-398-2
USN-398-2: Firefox vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.securityfocus.com/archive/1/455728/100/200/threaded
-
http://fedoranews.org/cms/node/2338
404 Not Found
Jump to