National Vulnerability Database

National Vulnerability Database

National Vulnerability

CVE-2006-2778 Detail


The crypto.signText function in Mozilla Firefox and Thunderbird before allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

Source:  MITRE      Last Modified:  06/02/2006

Quick Info

CVE Dictionary Entry:
Original release date:
Last revised:


CVSS Severity (version 2.0):
CVSS v2 Base Score:
(AV:N/AC:L/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore:
Exploitability Subscore:
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Not required to exploit
Impact Type:
Allows unauthorized modification

Evaluator Solution

Fixed in: Firefox Thunderbird SeaMonkey 1.0.2

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to

Hyperlink Resource Type Source Name External Source REDHAT RHSA-2006:0609 External Source SECTRACK 1016202 External Source SECTRACK 1016214 External Source SUNALERT 102763 External Source DEBIAN DSA-1118 External Source DEBIAN DSA-1120 External Source DEBIAN DSA-1134 External Source GENTOO GLSA-200606-12 External Source GENTOO GLSA-200606-21 US Government Resource External Source CERT-VN VU#421529 External Source MANDRIVA MDKSA-2006:143 External Source MANDRIVA MDKSA-2006:145 External Source MANDRIVA MDKSA-2006:146 External Source CONFIRM External Source SUSE SUSE-SA:2006:035 External Source REDHAT RHSA-2006:0578 External Source REDHAT RHSA-2006:0594 External Source REDHAT RHSA-2006:0610 External Source REDHAT RHSA-2006:0611 External Source BUGTRAQ 20060602 rPSA-2006-0091-1 firefox thunderbird External Source HP HPSBUX02156 External Source HP SSRT061181 External Source BID 18228 External Source UBUNTU USN-296-1 External Source UBUNTU USN-296-2 External Source UBUNTU USN-297-1 External Source UBUNTU USN-297-3 External Source UBUNTU USN-323-1 US Government Resource External Source CERT TA06-153A External Source VUPEN ADV-2006-2106 External Source VUPEN ADV-2006-3748 External Source VUPEN ADV-2006-3749 External Source VUPEN ADV-2007-0058 External Source VUPEN ADV-2008-0083 External Source XF mozilla-crypto-signtext-bo(26849) External Source OVAL oval:org.mitre.oval:def:9703

References to Check Content

Check System:

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes