CVE-2006-0292

Current Description

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

Basic Data

Published: February 02, 2006
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
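    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Mozilla | Firefox | 0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.9 | rc | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.9.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.9.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.9.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 0.10.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.6 | * | linux | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Firefox | 1.5 | beta1 | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Mozilla | 1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Mozilla | 1.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Mozilla | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Mozilla | 1.5 | alpha | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Mozilla | 1.5 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Mozilla | Mozilla | 1.5 | rc2 | * | * | * | * | * | * | | | |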

Vulnerable Software List

Vendor | Product | Versions
Mozilla | Firefox | 0.10, 0.10.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.5
Mozilla | Mozilla | 1.4, 1.4.1, 1.5

References

Name | Source | URL | Tags
SCOSA-2006.26 | SCO | ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt |
20060201-01-U | SGI | ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U |
18700 | SECUNIA | http://secunia.com/advisories/18700 |
18703 | SECUNIA | http://secunia.com/advisories/18703 |
18704 | SECUNIA | http://secunia.com/advisories/18704 |
18705 | SECUNIA | http://secunia.com/advisories/18705 |
18706 | SECUNIA | http://secunia.com/advisories/18706 |
18708 | SECUNIA | http://secunia.com/advisories/18708 |
18709 | SECUNIA | http://secunia.com/advisories/18709 |
19230 | SECUNIA | http://secunia.com/advisories/19230 |
19746 | SECUNIA | http://secunia.com/advisories/19746 |
19759 | SECUNIA | http://secunia.com/advisories/19759 |
19780 | SECUNIA | http://secunia.com/advisories/19780 |
19821 | SECUNIA | http://secunia.com/advisories/19821 |
19823 | SECUNIA | http://secunia.com/advisories/19823 |
19852 | SECUNIA | http://secunia.com/advisories/19852 |
19862 | SECUNIA | http://secunia.com/advisories/19862 |
19863 | SECUNIA | http://secunia.com/advisories/19863 |
19902 | SECUNIA | http://secunia.com/advisories/19902 |
19941 | SECUNIA | http://secunia.com/advisories/19941 |
19950 | SECUNIA | http://secunia.com/advisories/19950 |
20051 | SECUNIA | http://secunia.com/advisories/20051 |
21033 | SECUNIA | http://secunia.com/advisories/21033 |
21622 | SECUNIA | http://secunia.com/advisories/21622 |
22065 | SECUNIA | http://secunia.com/advisories/22065 |
1015570 | SECTRACK | http://securitytracker.com/id?1015570 |
102550 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 |
228526 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 |
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm | CONFIRM | http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm |
DSA-1044 | DEBIAN | http://www.debian.org/security/2006/dsa-1044 |
DSA-1046 | DEBIAN | http://www.debian.org/security/2006/dsa-1046 |
DSA-1051 | DEBIAN | http://www.debian.org/security/2006/dsa-1051 |
GLSA-200604-12 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml |
GLSA-200604-18 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml |
GLSA-200605-09 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml |
MDKSA-2006:036 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 |
MDKSA-2006:037 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 |
MDKSA-2006:078 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 |
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html | CONFIRM | http://www.mozilla.org/security/announce/2006/mfsa2006-01.html |
SUSE-SA:2006:022 | SUSE | http://www.novell.com/linux/security/advisories/2006_04_25.html |
FEDORA-2006-075 | FEDORA | http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html |
FEDORA-2006-076 | FEDORA | http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html |
RHSA-2006:0199 | REDHAT | http://www.redhat.com/support/errata/RHSA-2006-0199.html | Vendor Advisory
RHSA-2006:0200 | REDHAT | http://www.redhat.com/support/errata/RHSA-2006-0200.html | Vendor Advisory
RHSA-2006:0330 | REDHAT | http://www.redhat.com/support/errata/RHSA-2006-0330.html |
FLSA:180036-1 | FEDORA | http://www.securityfocus.com/archive/1/425975/100/0/threaded |
FLSA-2006:180036-2 | FEDORA | http://www.securityfocus.com/archive/1/425978/100/0/threaded |
HPSBUX02122 | HP | http://www.securityfocus.com/archive/1/438730/100/0/threaded |
SSRT061236 | HP | http://www.securityfocus.com/archive/1/446657/100/200/threaded |
16476 | BID | http://www.securityfocus.com/bid/16476 |
ADV-2006-0413 | VUPEN | http://www.vupen.com/english/advisories/2006/0413 |
ADV-2006-3391 | VUPEN | http://www.vupen.com/english/advisories/2006/3391 |
ADV-2006-3749 | VUPEN | http://www.vupen.com/english/advisories/2006/3749 |
https://bugzilla.mozilla.org/show_bug.cgi?id=316885 | CONFIRM | https://bugzilla.mozilla.org/show_bug.cgi?id=316885 | Patch
mozilla-javascript-memory-corruption(24430) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/24430 |
oval:org.mitre.oval:def:10016 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016 |
oval:org.mitre.oval:def:670 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670 |
USN-271-1 | UBUNTU | https://usn.ubuntu.com/271-1/ |
USN-275-1 | UBUNTU | https://usn.ubuntu.com/275-1/ |
USN-276-1 | UBUNTU | https://usn.ubuntu.com/276-1/ |