CVE-2006-2778
EPSS 23.3%
Description
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
How to fix CVE-2006-2778
To remediate CVE-2006-2778, upgrade the affected package to the fixed version listed below.
- Debian/thunderbird: upgrade to 1.5.0.4-1 or later
Is CVE-2006-2778 being exploited?
Moderate — EPSS is 23.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.5.0.4-1