CVE-2006-0297

Description

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.

How to fix CVE-2006-0297

To remediate CVE-2006-0297, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.2-1 or later

Is CVE-2006-0297 being exploited?

Moderate — EPSS is 6.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.5.0.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-0297