National Vulnerability Database

CVE-2006-6498 Detail

Current Description

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

Source: MITRE
Last Modified: 12/19/2006

Quick Info

CVE Dictionary Entry: CVE-2006-6498
Original release date: 12/19/2006
Last revised: 10/10/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.8 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 8.6

CVSS Version 2 Metrics:
Access Vector: Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink Resource Type Source Name
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc External Source SGI 20061202-01-P
http://fedoranews.org/cms/node/2297 External Source FEDORA FEDORA-2006-1491
http://fedoranews.org/cms/node/2338 External Source FEDORA FEDORA-2007-004
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 External Source HP SSRT061181
http://rhn.redhat.com/errata/RHSA-2006-0758.html Vendor Advisory External Source REDHAT RHSA-2006:0758
http://rhn.redhat.com/errata/RHSA-2006-0759.html Vendor Advisory External Source REDHAT RHSA-2006:0759
http://rhn.redhat.com/errata/RHSA-2006-0760.html Vendor Advisory External Source REDHAT RHSA-2006:0760
http://security.gentoo.org/glsa/glsa-200701-02.xml External Source GENTOO GLSA-200701-02
http://securitytracker.com/id?1017398 External Source SECTRACK 1017398
http://securitytracker.com/id?1017405 External Source SECTRACK 1017405
http://securitytracker.com/id?1017406 External Source SECTRACK 1017406
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1 External Source SUNALERT 102955
http://www.debian.org/security/2007/dsa-1253 External Source DEBIAN DSA-1253
http://www.debian.org/security/2007/dsa-1258 External Source DEBIAN DSA-1258
http://www.debian.org/security/2007/dsa-1265 External Source DEBIAN DSA-1265
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml External Source GENTOO GLSA-200701-04
http://www.kb.cert.org/vuls/id/427972 US Government Resource External Source CERT-VN VU#427972
http://www.kb.cert.org/vuls/id/447772 US Government Resource External Source CERT-VN VU#447772
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html External Source CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html External Source SUSE SUSE-SA:2006:080
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html External Source SUSE SUSE-SA:2007:006
http://www.securityfocus.com/archive/1/archive/1/455145/100/0/threaded External Source BUGTRAQ 20061222 rPSA-2006-0234-1 firefox
http://www.securityfocus.com/archive/1/archive/1/455728/100/200/threaded External Source BUGTRAQ 20070102 rPSA-2006-0234-2 firefox thunderbird
http://www.securityfocus.com/bid/21668 External Source BID 21668
http://www.ubuntu.com/usn/usn-398-1 External Source UBUNTU USN-398-1
http://www.ubuntu.com/usn/usn-398-2 External Source UBUNTU USN-398-2
http://www.ubuntu.com/usn/usn-400-1 External Source UBUNTU USN-400-1
http://www.us-cert.gov/cas/techalerts/TA06-354A.html US Government Resource External Source CERT TA06-354A
http://www.vupen.com/english/advisories/2006/5068 External Source VUPEN ADV-2006-5068
http://www.vupen.com/english/advisories/2007/2106 External Source VUPEN ADV-2007-2106
http://www.vupen.com/english/advisories/2008/0083 External Source VUPEN ADV-2008-0083
https://issues.rpath.com/browse/RPL-883 External Source CONFIRM https://issues.rpath.com/browse/RPL-883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661 External Source OVAL oval:org.mitre.oval:def:10661

References to Check Content

Identifier: oval:org.mitre.oval:def:10661
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10661

Technical Details

Vulnerability Type

Vulnerable software and versions

Configuration 1
OR
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

Change History: 2 change records found