CVE-2006-4566 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2006-4566

CVE-2006-4566

September 15, 2006

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\"), which leads to a buffer over-read.

Related Resources (59)

https://issues.rpath.com/browse/RPL-640

http://secunia.com/advisories/22849

http://www.vupen.com/english/advisories/2006/3617

http://secunia.com/advisories/21915

http://www.ubuntu.com/usn/usn-352-1

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

http://secunia.com/advisories/22422

http://www.novell.com/linux/security/advisories/2006_54_mozilla.html

http://www.debian.org/security/2006/dsa-1192

http://secunia.com/advisories/21949

http://securitytracker.com/id?1016846

http://secunia.com/advisories/22247

http://secunia.com/advisories/22391

http://secunia.com/advisories/22066

https://exchange.xforce.ibmcloud.com/vulnerabilities/28958

http://secunia.com/advisories/22210

http://secunia.com/advisories/22025

http://secunia.com/advisories/22274

http://securitytracker.com/id?1016847

http://secunia.com/advisories/22036

https://people.canonical.com/~ubuntu-security/cve/CVE-2006-4566

http://secunia.com/advisories/21940

http://secunia.com/advisories/21939

http://secunia.com/advisories/22195

http://secunia.com/advisories/24711

http://www.redhat.com/support/errata/RHSA-2006-0677.html

http://www.debian.org/security/2006/dsa-1210

https://access.redhat.com/security/cve/CVE-2006-4566

http://secunia.com/advisories/21916

http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

http://www.ubuntu.com/usn/usn-350-1

http://secunia.com/advisories/22056

http://www.securityfocus.com/bid/20042

http://www.ubuntu.com/usn/usn-351-1

http://www.mandriva.com/security/advisories?name=MDKSA-2006:169

http://secunia.com/advisories/21950

http://www.mandriva.com/security/advisories?name=MDKSA-2006:168

http://www.redhat.com/support/errata/RHSA-2006-0675.html

http://www.ubuntu.com/usn/usn-354-1

http://www.kb.cert.org/vuls/id/141528

http://secunia.com/advisories/22055

http://www.mozilla.org/security/announce/2006/mfsa2006-57.html

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

http://secunia.com/advisories/22088

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9637

http://security.gentoo.org/glsa/glsa-200610-04.xml

http://www.vupen.com/english/advisories/2007/1198

http://www.redhat.com/support/errata/RHSA-2006-0676.html

http://security.gentoo.org/glsa/glsa-200609-19.xml

http://www.us.debian.org/security/2006/dsa-1191

http://www.vupen.com/english/advisories/2006/3748

http://security.gentoo.org/glsa/glsa-200610-01.xml

http://www.securityfocus.com/archive/1/446140/100/0/threaded

http://secunia.com/advisories/22074

http://securitytracker.com/id?1016848

http://www.vupen.com/english/advisories/2008/0083

http://secunia.com/advisories/22001

http://secunia.com/advisories/21906

http://secunia.com/advisories/22299

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

CVSS v2

Base Score:

5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

EPSS

Base Score:

18.70