CVE-2006-0297: Integer Overflow
First published: Thu Feb 02 2006(Updated: )
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.0-beta | |
| Firefox | =1.5-beta1 | |
| Firefox | =1.5 | |
| Mozilla SeaMonkey | =1.0 | |
| Thunderbird | =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=319872
- https://bugzilla.mozilla.org/show_bug.cgi?id=322215
- http://www.securityfocus.com/bid/16476
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18704
- http://securitytracker.com/id?1015570
- http://www.mozilla.org/security/announce/2006/mfsa2006-06.html
- http://secunia.com/advisories/22065
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/0413
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24435
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1339
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0297?
CVE-2006-0297 is classified as a critical severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2006-0297?
To mitigate CVE-2006-0297, users should update to the latest versions of Mozilla Firefox, Thunderbird, or SeaMonkey.
What software versions are affected by CVE-2006-0297?
CVE-2006-0297 affects Mozilla Firefox 1.5, Thunderbird 1.5, and SeaMonkey 1.0, including their beta and alpha versions.
Can CVE-2006-0297 be exploited remotely?
Yes, CVE-2006-0297 can be exploited remotely by attackers if JavaScript is enabled in the affected software.
What types of vulnerabilities does CVE-2006-0297 contain?
CVE-2006-0297 contains multiple integer overflow vulnerabilities related to E4X and SVG processing.
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0-beta
- canonical/firefox
- version/firefox/1.5-beta1
- version/firefox/1.5
- version/mozilla seamonkey/1.0
- canonical/thunderbird
- version/thunderbird/1.5