VDB
GSD-2006-2779
GSD-2006-2779
PUBLISHED
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Apr 20, 2026 Distribution Patch
- Apr 20, 2026 Distribution Patch
- Apr 20, 2026 Distribution Patch
- Apr 20, 2026 Distribution Patch
- Apr 20, 2026 Distribution Patch
- Apr 20, 2026 Security Advisory
- Apr 20, 2026 Security Advisory
- Apr 20, 2026 Security Advisory
- Apr 20, 2026 Security Advisory
- Apr 20, 2026 Security Advisory
- Apr 20, 2026 Security Advisory
- Apr 20, 2026 CVE Published
References
- 27216 third-party-advisory
- 20709 third-party-advisory
- http://www.mozilla.org/security/announce/2006/mfsa2006-32.html url
- 21176 third-party-advisory
- MDKSA-2006:145 vendor-advisory
- ADV-2006-3748 vdb
- mozilla-browserengine-memory-corruption(26843) vdb
- 20561 third-party-advisory
- oval:org.mitre.oval:def:9762 vdb
- TA06-153A third-party-advisory
- 21210 third-party-advisory
- RHSA-2006:0594 vendor-advisory
- 21336 third-party-advisory
- 20382 third-party-advisory
- 1016214 vdb
- 20060602 rPSA-2006-0091-1 firefox thunderbird mailing-list
- ADV-2006-3749 vdb
- RHSA-2006:0610 vendor-advisory
- 21654 third-party-advisory
- 20376 third-party-advisory
…and 41 more