[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250363

 
 

909

 
 

196124

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3804Date: (C)2006-07-27   (M)2023-12-22


Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1016587
SECTRACK-1016588
SUNALERT-102763
BID-19181
20060703-01-P
SECUNIA-21228
SECUNIA-21229
SECUNIA-21246
SECUNIA-21250
SECUNIA-21262
SECUNIA-21269
SECUNIA-21275
SECUNIA-21336
SECUNIA-21343
SECUNIA-21358
SECUNIA-21529
SECUNIA-21532
SECUNIA-21607
SECUNIA-21631
SECUNIA-22055
SECUNIA-22065
ADV-2006-2998
ADV-2006-3749
ADV-2007-0058
GLSA-200608-02
GLSA-200608-04
HPSBUX02156
MDKSA-2006:143
MDKSA-2006:145
MDKSA-2006:146
RHSA-2006:0594
RHSA-2006:0608
RHSA-2006:0609
RHSA-2006:0611
SUSE-SA:2006:048
TA06-208A
USN-329-1
USN-350-1
VU#897540
http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
https://issues.rpath.com/browse/RPL-537
mozilla-vcard-base64-bo(27985)

CPE    6
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:seamonkey:1.0
cpe:/a:mozilla:thunderbird:1.5
...

© SecPod Technologies