First published: Fri Apr 14 2006(Updated: )
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | =1.5-beta2 | |
Mozilla Thunderbird | =1.0.7 | |
Mozilla Firefox | =1.0.2 | |
Mozilla SeaMonkey | =1.0-beta | |
Mozilla Firefox | =1.5-beta1 | |
Mozilla Firefox | =1.5 | |
Mozilla Mozilla Suite | =1.7.10 | |
Mozilla Firefox | =1.0.4 | |
Mozilla Firefox | =1.0.7 | |
Mozilla Mozilla Suite | =1.7.8 | |
Mozilla Thunderbird | =1.0 | |
Mozilla Thunderbird | =1.0.1 | |
Mozilla Thunderbird | =1.5-beta2 | |
Mozilla SeaMonkey | =1.0 | |
Mozilla Thunderbird | =1.0.2 | |
Mozilla Mozilla Suite | =1.7.11 | |
Mozilla Firefox | =1.0 | |
Mozilla Thunderbird | =1.5 | |
Mozilla Firefox | =1.0.1 | |
Mozilla Thunderbird | =1.0.4 | |
Mozilla Thunderbird | =1.0.3 | |
Mozilla Firefox | =1.0.3 | |
Mozilla Thunderbird | =1.0.6 | |
Mozilla Thunderbird | =1.0.5-beta | |
Mozilla Mozilla Suite | =1.7.7 | |
Mozilla Mozilla Suite | =1.7.6 | |
Mozilla Thunderbird | =1.0.5 | |
Mozilla Firefox | =1.0.5 | |
Mozilla Firefox | =1.0.6 | |
Mozilla Mozilla Suite | =1.7.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-1737 has a severity rating that classifies it as a denial of service vulnerability, potentially leading to application crashes.
To fix CVE-2006-1737, upgrade to the latest version of Mozilla Firefox, Thunderbird, SeaMonkey, or Mozilla Suite that includes the relevant security patches.
CVE-2006-1737 affects Mozilla Firefox, Thunderbird, SeaMonkey, and Mozilla Suite versions prior to their respective updates addressing the vulnerability.
CVE-2006-1737 involves an integer overflow issue that can be exploited via JavaScript with large regular expressions.
While CVE-2006-1737 primarily causes denial of service, it may also allow the execution of arbitrary bytecode under certain conditions.