CVE-2006-2779
Published: 2 June 2006
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
firefox-granparadiso Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
| edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
| feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
| upstream |
Needs triage
|