PT-2006-7537 · Debian+2 · Debian+8

Priit Laes

·

Publicado

1970-01-01

·

Atualizado

2018-10-17

·

CVE-2006-4565

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 1.5.0.7 Thunderbird versions prior to 1.5.0.7 SeaMonkey versions prior to 1.0.5 libnspr4 (affected versions not specified) libnss3 (affected versions not specified) libnspr-dev (affected versions not specified) libnss-dev (affected versions not specified)
Description The issue involves multiple vulnerabilities in various software packages, including libnspr4, libnss3, libnspr-dev, and libnss-dev, in the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. A specific vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
Recommendations For Mozilla Firefox versions prior to 1.5.0.7, update to version 1.5.0.7 or later. For Thunderbird versions prior to 1.5.0.7, update to version 1.5.0.7 or later. For SeaMonkey versions prior to 1.0.5, update to version 1.0.5 or later. For libnspr4, libnss3, libnspr-dev, and libnss-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-01278
BDU:2015-01279
BDU:2015-01280
BDU:2015-01281
CVE-2006-4565
DSA-1191-1
DSA-1192-1
DSA-1210
HPSBUX02153
RHSA-2006:0675
RHSA-2006:0676
RHSA-2006:0677
RHSA-2006_0675
RHSA-2006_0676
RHSA-2006_0677

Produtos afetados

Debian
Firefox
Red Hat
Seamonkey
Thunderbird
Libnspr-Dev
Libnspr4
Libnss-Dev
Libnss3