CVE-2006-2779
Mozilla Firefox and Thunderbird - Remote Code Execution via Multiple DOM and XBL Mechanisms
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
References (61)
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27216
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20709
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1160
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21176
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/466673
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3748
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/297-3/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/296-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/323-1/
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20561
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762
Patch, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-153A.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21210
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0594.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21336
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20382
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016214
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435795/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3749
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0610.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21654
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20376
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0609.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21178
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21634
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016202
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21607
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18228
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21532
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21270
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3488
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21188
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21134
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21631
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/446658/100/200/threaded
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/446657/100/200/threaded
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/296-2/
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1118
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1120
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0611.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1134
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21324
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21183
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22066
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21269
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/297-1/
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0578.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2106
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22065
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1159
Scores
EPSS: 0.0696
EPSS Percentile: 93.3%
Details
CWE: CWE-94
Status: published
Products (39)
mozilla/firefox 0.8
mozilla/firefox 0.9 (2 CPE variants)
mozilla/firefox 0.9.1
mozilla/firefox 0.9.2
mozilla/firefox 0.9.3
mozilla/firefox 0.10
mozilla/firefox 0.10.1
mozilla/firefox 1.0
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
... and 29 more
Published: Jun 02, 2006
Tracked Since: Feb 18, 2026