CVE-2006-1730

Description

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

How to fix CVE-2006-1730

To remediate CVE-2006-1730, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.2-1 or later

Is CVE-2006-1730 being exploited?

Moderate — EPSS is 26.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.5.0.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-1730