NVD Vulnerability Detail

CVE-2006-6504

Summary	Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
Summary	Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos ejecutar código de su elección añadiendo un nodo DOM con un comentario SVG a otro tipo de documento, lo cual desemboca en una corrupción de memoria.
Publication Date	Dec. 20, 2006, 10:28 a.m.
Registration Date	Jan. 29, 2021, 3:51 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox::::::::	1.5			1.5.0.9
cpe:2.3:a:mozilla:firefox::::::::	2.0			2.0.0.1
cpe:2.3:a:mozilla:seamonkey::::::::				1.0.7
cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc	secalert@redhat.com
2	http://fedoranews.org/cms/node/2297	secalert@redhat.com
3	http://fedoranews.org/cms/node/2338	secalert@redhat.com
4	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	secalert@redhat.com
5	http://rhn.redhat.com/errata/RHSA-2006-0758.html	secalert@redhat.com
6	http://rhn.redhat.com/errata/RHSA-2006-0759.html	secalert@redhat.com
7	http://rhn.redhat.com/errata/RHSA-2006-0760.html	secalert@redhat.com
8	http://secunia.com/advisories/23282	secalert@redhat.com
9	http://secunia.com/advisories/23422	secalert@redhat.com
10	http://secunia.com/advisories/23433	secalert@redhat.com
11	http://secunia.com/advisories/23439	secalert@redhat.com
12	http://secunia.com/advisories/23440	secalert@redhat.com
13	http://secunia.com/advisories/23468	secalert@redhat.com
14	http://secunia.com/advisories/23514	secalert@redhat.com
15	http://secunia.com/advisories/23545	secalert@redhat.com
16	http://secunia.com/advisories/23589	secalert@redhat.com
17	http://secunia.com/advisories/23601	secalert@redhat.com
18	http://secunia.com/advisories/23614	secalert@redhat.com
19	http://secunia.com/advisories/23618	secalert@redhat.com
20	http://secunia.com/advisories/23672	secalert@redhat.com
21	http://secunia.com/advisories/23692	secalert@redhat.com
22	http://security.gentoo.org/glsa/glsa-200701-02.xml	secalert@redhat.com
23	http://securitytracker.com/id?1017417	secalert@redhat.com
24	http://securitytracker.com/id?1017418	secalert@redhat.com
25	http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml	secalert@redhat.com
26	http://www.kb.cert.org/vuls/id/928956	secalert@redhat.com
27	http://www.mandriva.com/security/advisories?name=MDKSA-2007:010	secalert@redhat.com
28	http://www.mozilla.org/security/announce/2006/mfsa2006-73.html	secalert@redhat.com
29	http://www.novell.com/linux/security/advisories/2006_80_mozilla.html	secalert@redhat.com
30	http://www.novell.com/linux/security/advisories/2007_06_mozilla.html	secalert@redhat.com
31	http://www.securityfocus.com/archive/1/454939/100/0/threaded	secalert@redhat.com
32	http://www.securityfocus.com/archive/1/455145/100/0/threaded	secalert@redhat.com
33	http://www.securityfocus.com/archive/1/455728/100/200/threaded	secalert@redhat.com
34	http://www.securityfocus.com/bid/21668	secalert@redhat.com
35	http://www.ubuntu.com/usn/usn-398-1	secalert@redhat.com
36	http://www.ubuntu.com/usn/usn-398-2	secalert@redhat.com
37	http://www.us-cert.gov/cas/techalerts/TA06-354A.html	secalert@redhat.com
38	http://www.vupen.com/english/advisories/2006/5068	secalert@redhat.com
39	http://www.vupen.com/english/advisories/2008/0083	secalert@redhat.com
40	http://www.zerodayinitiative.com/advisories/ZDI-06-051.html	secalert@redhat.com
41	https://issues.rpath.com/browse/RPL-883	secalert@redhat.com
42	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077	secalert@redhat.com
43	ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc	af854a3a-2127-422b-91ae-364da2661108
44	http://fedoranews.org/cms/node/2297	af854a3a-2127-422b-91ae-364da2661108
45	http://fedoranews.org/cms/node/2338	af854a3a-2127-422b-91ae-364da2661108
46	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	af854a3a-2127-422b-91ae-364da2661108
47	http://rhn.redhat.com/errata/RHSA-2006-0758.html	af854a3a-2127-422b-91ae-364da2661108
48	http://rhn.redhat.com/errata/RHSA-2006-0759.html	af854a3a-2127-422b-91ae-364da2661108
49	http://rhn.redhat.com/errata/RHSA-2006-0760.html	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/23282	af854a3a-2127-422b-91ae-364da2661108
51	http://secunia.com/advisories/23422	af854a3a-2127-422b-91ae-364da2661108
52	http://secunia.com/advisories/23433	af854a3a-2127-422b-91ae-364da2661108
53	http://secunia.com/advisories/23439	af854a3a-2127-422b-91ae-364da2661108
54	http://secunia.com/advisories/23440	af854a3a-2127-422b-91ae-364da2661108
55	http://secunia.com/advisories/23468	af854a3a-2127-422b-91ae-364da2661108
56	http://secunia.com/advisories/23514	af854a3a-2127-422b-91ae-364da2661108
57	http://secunia.com/advisories/23545	af854a3a-2127-422b-91ae-364da2661108
58	http://secunia.com/advisories/23589	af854a3a-2127-422b-91ae-364da2661108
59	http://secunia.com/advisories/23601	af854a3a-2127-422b-91ae-364da2661108
60	http://secunia.com/advisories/23614	af854a3a-2127-422b-91ae-364da2661108
61	http://secunia.com/advisories/23618	af854a3a-2127-422b-91ae-364da2661108
62	http://secunia.com/advisories/23672	af854a3a-2127-422b-91ae-364da2661108
63	http://secunia.com/advisories/23692	af854a3a-2127-422b-91ae-364da2661108
64	http://security.gentoo.org/glsa/glsa-200701-02.xml	af854a3a-2127-422b-91ae-364da2661108
65	http://securitytracker.com/id?1017417	af854a3a-2127-422b-91ae-364da2661108
66	http://securitytracker.com/id?1017418	af854a3a-2127-422b-91ae-364da2661108
67	http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml	af854a3a-2127-422b-91ae-364da2661108
68	http://www.kb.cert.org/vuls/id/928956	af854a3a-2127-422b-91ae-364da2661108
69	http://www.mandriva.com/security/advisories?name=MDKSA-2007:010	af854a3a-2127-422b-91ae-364da2661108
70	http://www.mozilla.org/security/announce/2006/mfsa2006-73.html	af854a3a-2127-422b-91ae-364da2661108
71	http://www.novell.com/linux/security/advisories/2006_80_mozilla.html	af854a3a-2127-422b-91ae-364da2661108
72	http://www.novell.com/linux/security/advisories/2007_06_mozilla.html	af854a3a-2127-422b-91ae-364da2661108
73	http://www.securityfocus.com/archive/1/454939/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
74	http://www.securityfocus.com/archive/1/455145/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
75	http://www.securityfocus.com/archive/1/455728/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
76	http://www.securityfocus.com/bid/21668	af854a3a-2127-422b-91ae-364da2661108
77	http://www.ubuntu.com/usn/usn-398-1	af854a3a-2127-422b-91ae-364da2661108
78	http://www.ubuntu.com/usn/usn-398-2	af854a3a-2127-422b-91ae-364da2661108
79	http://www.us-cert.gov/cas/techalerts/TA06-354A.html	af854a3a-2127-422b-91ae-364da2661108
80	http://www.vupen.com/english/advisories/2006/5068	af854a3a-2127-422b-91ae-364da2661108
81	http://www.vupen.com/english/advisories/2008/0083	af854a3a-2127-422b-91ae-364da2661108
82	http://www.zerodayinitiative.com/advisories/ZDI-06-051.html	af854a3a-2127-422b-91ae-364da2661108
83	https://issues.rpath.com/browse/RPL-883	af854a3a-2127-422b-91ae-364da2661108
84	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html