CVE-2006-6498
First published: Wed Dec 20 2006(Updated: )
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =1.5.0.6 | |
| Firefox | =1.5.0.3 | |
| Mozilla Firefox | =1.7 | |
| Firefox | =1.5 | |
| Firefox | =1.5.0.7 | |
| Firefox | =2.0 | |
| Firefox | =1.5.0.8 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.0.2 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =0.6 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =0.3 | |
| Thunderbird | =0.2 | |
| Thunderbird | =1.0.7 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.5 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =1.0 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =0.5 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0.3 | |
| Thunderbird | =0.7.3 | |
| Thunderbird | =0.4 | |
| Thunderbird | =0.7 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =0.1 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =0.8 | |
| Thunderbird | =1.5.0.4 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
- http://rhn.redhat.com/errata/RHSA-2006-0758.html
- http://rhn.redhat.com/errata/RHSA-2006-0759.html
- http://rhn.redhat.com/errata/RHSA-2006-0760.html
- http://securitytracker.com/id?1017398
- http://securitytracker.com/id?1017405
- http://securitytracker.com/id?1017406
- http://secunia.com/advisories/23433
- http://secunia.com/advisories/23439
- http://secunia.com/advisories/23440
- https://issues.rpath.com/browse/RPL-883
- http://www.us-cert.gov/cas/techalerts/TA06-354A.html
- http://www.securityfocus.com/bid/21668
- http://secunia.com/advisories/23282
- http://secunia.com/advisories/23420
- http://secunia.com/advisories/23422
- http://secunia.com/advisories/23468
- http://secunia.com/advisories/23514
- http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
- http://www.ubuntu.com/usn/usn-398-1
- http://secunia.com/advisories/23589
- http://fedoranews.org/cms/node/2297
- http://fedoranews.org/cms/node/2338
- http://security.gentoo.org/glsa/glsa-200701-02.xml
- http://www.ubuntu.com/usn/usn-398-2
- http://www.ubuntu.com/usn/usn-400-1
- http://secunia.com/advisories/23601
- http://secunia.com/advisories/23545
- http://secunia.com/advisories/23591
- http://secunia.com/advisories/23614
- http://secunia.com/advisories/23618
- http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
- http://secunia.com/advisories/23692
- http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
- http://www.kb.cert.org/vuls/id/447772
- http://secunia.com/advisories/23672
- http://www.debian.org/security/2007/dsa-1253
- http://www.debian.org/security/2007/dsa-1258
- http://www.debian.org/security/2007/dsa-1265
- http://www.kb.cert.org/vuls/id/427972
- http://secunia.com/advisories/23988
- http://secunia.com/advisories/24078
- http://secunia.com/advisories/24390
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
- http://secunia.com/advisories/25556
- http://www.vupen.com/english/advisories/2007/2106
- http://www.vupen.com/english/advisories/2008/0083
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.vupen.com/english/advisories/2006/5068
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661
- http://www.securityfocus.com/archive/1/455728/100/200/threaded
- http://www.securityfocus.com/archive/1/455145/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-6498?
CVE-2006-6498 has been classified with a high severity due to the potential for denial of service attacks.
How do I fix CVE-2006-6498?
To fix CVE-2006-6498, users should update their Mozilla Firefox, Thunderbird, or SeaMonkey browsers to the latest versions provided by Mozilla.
Which versions are affected by CVE-2006-6498?
CVE-2006-6498 affects Mozilla Firefox 1.5.x below version 1.5.0.9, Thunderbird versions prior to 1.5.0.9, and various versions of SeaMonkey and Mozilla.
What type of attacks can occur due to CVE-2006-6498?
CVE-2006-6498 can allow remote attackers to execute denial of service attacks, potentially causing memory corruption.
Is there a specific workaround for CVE-2006-6498 if updates cannot be applied?
There are no specific workarounds published for CVE-2006-6498, and the best course of action is to upgrade to the latest software versions.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/1.5.0.6
- version/firefox/1.5.0.3
- canonical/mozilla firefox
- version/mozilla firefox/1.7
- version/firefox/1.5
- version/firefox/1.5.0.7
- version/firefox/2.0
- version/firefox/1.5.0.8
- version/firefox/1.5.0.5
- version/firefox/1.5.0.2
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- canonical/thunderbird
- version/thunderbird/1.5.0.7
- version/thunderbird/0.6
- version/thunderbird/0.7.2
- version/thunderbird/0.3
- version/thunderbird/0.2
- version/thunderbird/1.0.7
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.5
- version/thunderbird/1.5.0.6
- version/thunderbird/1.0
- version/thunderbird/1.0.1
- version/thunderbird/1.0.2
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.8
- version/thunderbird/0.5
- version/thunderbird/1.0.4
- version/thunderbird/0.9
- version/thunderbird/1.0.3
- version/thunderbird/0.7.3
- version/thunderbird/0.4
- version/thunderbird/0.7
- version/thunderbird/1.0.6
- version/thunderbird/1.5.0.1
- version/thunderbird/1.0.8
- version/thunderbird/0.1
- version/thunderbird/0.7.1
- version/thunderbird/1.0.5
- version/thunderbird/0.8
- version/thunderbird/1.5.0.4
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.3
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.0.4