← back
CVE-2006-2779

CVE-2006-2779

EPSS 6.8%
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2006-0609.htmlhttp://secunia.com/advisories/20376http://secunia.com/advisories/20382http://secunia.com/advisories/20561http://secunia.com/advisories/20709http://secunia.com/advisories/21134http://secunia.com/advisories/21176http://secunia.com/advisories/21178http://secunia.com/advisories/21183http://secunia.com/advisories/21188http://secunia.com/advisories/21210http://secunia.com/advisories/21269