CVE-2006-2779
mozilla - several
EPSS 23.3%
Description
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
How to fix CVE-2006-2779
To remediate CVE-2006-2779, upgrade the affected package to a fixed version below.
- Debian/mozilla—upgrade to 2:1.7.8-1sarge7.2.2 or later
- —upgrade to 1.0.2-2.sarge1.0.8b.1 or later
- —upgrade to 1.5.0.4-1 or later
Is CVE-2006-2779 being exploited?
Moderate — EPSS is 23.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2:1.7.8-1sarge7.2.2
- from 0, < 1.0.2-2.sarge1.0.8b.1
- from 0, < 1.5.0.4-1