CVE-2006-0748
First published: Fri Apr 14 2006(Updated: )
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Thunderbird | =1.0.7 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.7 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Thunderbird | =1.0.1 | |
| Mozilla Thunderbird | =1.5-beta2 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla Thunderbird | =1.0.2 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Thunderbird | =1.5 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Firefox | =preview_release | |
| Mozilla Thunderbird | =1.0.4 | |
| Mozilla Thunderbird | =1.0.3 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Thunderbird | =1.0.6 | |
| Mozilla Thunderbird | =1.0.5-beta | |
| Mozilla Thunderbird | =1.5.0.1 | |
| Mozilla Thunderbird | =1.0.5 | |
| Mozilla Firefox | =1.5.0.1 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-27.html
- http://www.securityfocus.com/bid/17516
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://secunia.com/advisories/19821
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19823
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19950
- http://secunia.com/advisories/19941
- http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://www.redhat.com/support/errata/RHSA-2006-0330.html
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://secunia.com/advisories/20051
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
- http://secunia.com/advisories/22065
- http://secunia.com/advisories/22066
- http://www.zerodayinitiative.com/advisories/ZDI-06-011/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/3391
- http://www.vupen.com/english/advisories/2008/0083
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25985
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164
- https://usn.ubuntu.com/276-1/
- https://usn.ubuntu.com/275-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- http://www.securityfocus.com/archive/1/432103/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0748?
CVE-2006-0748 is classified as a critical vulnerability, as it allows remote attackers to execute arbitrary code.
How do I fix CVE-2006-0748?
To fix CVE-2006-0748, users should upgrade to the latest version of Mozilla Firefox or Thunderbird that has patched the vulnerability.
Which versions are affected by CVE-2006-0748?
CVE-2006-0748 affects Mozilla Firefox and Thunderbird versions prior to 1.5.0.2 and 1.0.8, along with Mozilla Suite and SeaMonkey before version 1.0.1.
What types of attacks can exploit CVE-2006-0748?
CVE-2006-0748 can be exploited through specially crafted web pages or email messages that trigger the vulnerability.
Is there a workaround for CVE-2006-0748?
While there is no official workaround for CVE-2006-0748, users are advised to avoid opening untrusted links and emails until they can update their software.
- agent/references
- agent/softwarecombine
- agent/type
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.5-beta2
- canonical/mozilla thunderbird
- version/mozilla thunderbird/1.0.7
- version/mozilla firefox/1.0.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0-beta
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/1.5
- version/mozilla firefox/1.0.4
- version/mozilla firefox/1.0.7
- version/mozilla thunderbird/1.0
- version/mozilla thunderbird/1.0.1
- version/mozilla thunderbird/1.5-beta2
- version/mozilla seamonkey/1.0
- version/mozilla thunderbird/1.0.2
- version/mozilla firefox/1.0
- version/mozilla thunderbird/1.5
- version/mozilla firefox/1.0.1
- version/mozilla firefox/preview_release
- version/mozilla thunderbird/1.0.4
- version/mozilla thunderbird/1.0.3
- version/mozilla firefox/1.0.3
- version/mozilla thunderbird/1.0.6
- version/mozilla thunderbird/1.0.5-beta
- version/mozilla thunderbird/1.5.0.1
- version/mozilla thunderbird/1.0.5
- version/mozilla firefox/1.5.0.1
- version/mozilla firefox/1.0.5
- version/mozilla firefox/1.0.6