Home > Vulnerability Database > CVE-2006-0748

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2006-0748

Date: April 14, 2006

Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.

Severity Score

8.1

Related Resources (55)

Url: http://www.securityfocus.com/archive/1/446657/100/200/threaded

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

Url: http://www.zerodayinitiative.com/advisories/ZDI-06-011/

Url: http://secunia.com/advisories/19811

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

Url: http://www.vupen.com/english/advisories/2006/3391

Url: http://secunia.com/advisories/19852

Url: http://www.securityfocus.com/archive/1/446658/100/200/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

Url: http://www.vupen.com/english/advisories/2006/3749

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

Url: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

Url: http://secunia.com/advisories/22065

Url: http://www.vupen.com/english/advisories/2006/3748

Url: http://secunia.com/advisories/22066

Url: http://www.debian.org/security/2006/dsa-1044

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Url: http://www.debian.org/security/2006/dsa-1046

Url: http://secunia.com/advisories/19902

Url: http://www.securityfocus.com/archive/1/436296/100/0/threaded

Url: http://secunia.com/advisories/19823

Url: http://secunia.com/advisories/19941

Url: http://secunia.com/advisories/19821

Url: http://secunia.com/advisories/19862

Url: http://secunia.com/advisories/19863

Url: http://secunia.com/advisories/19794

Url: http://secunia.com/advisories/21622

Url: http://www.securityfocus.com/archive/1/436338/100/0/threaded

Url: http://secunia.com/advisories/20051

Url: http://www.securityfocus.com/bid/17516

Url: http://www.vupen.com/english/advisories/2006/1356

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

Url: http://secunia.com/advisories/19759

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-27.html

Url: http://secunia.com/advisories/19950

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://www.redhat.com/support/errata/RHSA-2006-0330.html

Url: http://www.novell.com/linux/security/advisories/2006_04_25.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-0748

Url: http://www.securityfocus.com/archive/1/438730/100/0/threaded

Url: http://www.debian.org/security/2006/dsa-1051

Url: https://usn.ubuntu.com/276-1/

Url: http://secunia.com/advisories/21033

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/25985

Url: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

Url: http://www.redhat.com/support/errata/RHSA-2006-0329.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

Url: http://www.securityfocus.com/archive/1/432103/100/0/threaded

Url: https://usn.ubuntu.com/275-1/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0748

Url: https://www.mend.io/vulnerability-database/CVE-2006-0748

Severity Score

8.1

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us