1. CVE-Search
  2. CVE-2006-4571
ID CVE-2006-4571
Summary Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:15:33.174-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
family unix
id oval:org.mitre.oval:def:11728
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
version 29
redhat via4
advisories
  • bugzilla
    id 1618195
    title CVE-2006-4569 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • comment firefox is earlier than 0:1.5.0.7-0.1.el4
        oval oval:com.redhat.rhsa:tst:20060675001
      • comment firefox is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060200002
    rhsa
    id RHSA-2006:0675
    released 2006-09-15
    severity Critical
    title RHSA-2006:0675: firefox security update (Critical)
  • bugzilla
    id 1618196
    title CVE-2006-4570 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment seamonkey is earlier than 0:1.0.5-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060676001
          • comment seamonkey is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060609002
        • AND
          • comment seamonkey-chat is earlier than 0:1.0.5-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060676003
          • comment seamonkey-chat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060609004
        • AND
          • comment seamonkey-devel is earlier than 0:1.0.5-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060676005
          • comment seamonkey-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060609006
        • AND
          • comment seamonkey-dom-inspector is earlier than 0:1.0.5-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060676007
          • comment seamonkey-dom-inspector is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060609008
        • AND
          • comment seamonkey-js-debugger is earlier than 0:1.0.5-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060676009
          • comment seamonkey-js-debugger is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060609010
        • AND
          • comment seamonkey-mail is earlier than 0:1.0.5-0.1.el4
            oval oval:com.redhat.rhsa:tst:20060676011
          • comment seamonkey-mail is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060609012
        • AND
          • comment devhelp is earlier than 0:0.10-0.4.el4
            oval oval:com.redhat.rhsa:tst:20060676013
          • comment devhelp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060329002
        • AND
          • comment devhelp-devel is earlier than 0:0.10-0.4.el4
            oval oval:com.redhat.rhsa:tst:20060676015
          • comment devhelp-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060329004
    rhsa
    id RHSA-2006:0676
    released 2006-09-15
    severity Critical
    title RHSA-2006:0676: seamonkey security update (Critical)
  • bugzilla
    id 1618196
    title CVE-2006-4570 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • comment thunderbird is earlier than 0:1.5.0.7-0.1.el4
        oval oval:com.redhat.rhsa:tst:20060677001
      • comment thunderbird is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20060330002
    rhsa
    id RHSA-2006:0677
    released 2006-09-15
    severity Critical
    title RHSA-2006:0677: thunderbird security update (Critical)
rpms
  • firefox-0:1.5.0.7-0.1.el4
  • firefox-debuginfo-0:1.5.0.7-0.1.el4
  • devhelp-0:0.10-0.4.el4
  • devhelp-debuginfo-0:0.10-0.4.el4
  • devhelp-devel-0:0.10-0.4.el4
  • seamonkey-0:1.0.5-0.1.el3
  • seamonkey-0:1.0.5-0.1.el4
  • seamonkey-chat-0:1.0.5-0.1.el3
  • seamonkey-chat-0:1.0.5-0.1.el4
  • seamonkey-debuginfo-0:1.0.5-0.1.el3
  • seamonkey-debuginfo-0:1.0.5-0.1.el4
  • seamonkey-devel-0:1.0.5-0.1.el3
  • seamonkey-devel-0:1.0.5-0.1.el4
  • seamonkey-dom-inspector-0:1.0.5-0.1.el3
  • seamonkey-dom-inspector-0:1.0.5-0.1.el4
  • seamonkey-js-debugger-0:1.0.5-0.1.el3
  • seamonkey-js-debugger-0:1.0.5-0.1.el4
  • seamonkey-mail-0:1.0.5-0.1.el3
  • seamonkey-mail-0:1.0.5-0.1.el4
  • seamonkey-nspr-0:1.0.5-0.1.el3
  • seamonkey-nspr-devel-0:1.0.5-0.1.el3
  • seamonkey-nss-0:1.0.5-0.1.el3
  • seamonkey-nss-devel-0:1.0.5-0.1.el3
  • thunderbird-0:1.5.0.7-0.1.el4
  • thunderbird-debuginfo-0:1.5.0.7-0.1.el4
refmap via4
bid 20042
bugtraq 20060915 rPSA-2006-0169-1 firefox thunderbird
confirm
debian
  • DSA-1191
  • DSA-1192
  • DSA-1210
gentoo
  • GLSA-200609-19
  • GLSA-200610-01
  • GLSA-200610-04
hp
  • HPSBUX02153
  • SSRT061181
mandriva
  • MDKSA-2006:168
  • MDKSA-2006:169
sectrack
  • 1016846
  • 1016847
  • 1016848
secunia
  • 21906
  • 21915
  • 21916
  • 21939
  • 21940
  • 21949
  • 21950
  • 22001
  • 22025
  • 22036
  • 22055
  • 22056
  • 22066
  • 22074
  • 22088
  • 22195
  • 22210
  • 22247
  • 22274
  • 22299
  • 22342
  • 22391
  • 22422
  • 22849
  • 24711
sgi 20060901-01-P
ubuntu
  • USN-350-1
  • USN-351-1
  • USN-352-1
  • USN-354-1
  • USN-361-1
vupen
  • ADV-2006-3617
  • ADV-2006-3748
  • ADV-2007-1198
  • ADV-2008-0083
Last major update 17-10-2018 - 21:38
Published 15-09-2006 - 19:07
Last modified 17-10-2018 - 21:38
Back to Top