|Description||Unspecified vulnerability in Firefox and Thunderbird before 126.96.36.199, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1044-1, DSA-1046-1, DSA-1051-1|
|NVD severity||high (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|thunderbird (PTS)||wheezy (security)||1:52.6.0-1~deb7u1||fixed|
|stretch (security), stretch||1:52.6.0-1~deb9u1||fixed|
|xulrunner (PTS)||wheezy, wheezy (security)||24.8.1esr-2~deb7u1||fixed|
The information below is based on the following data on fixed versions.
MFSA2006-20 says exploitability has not been confirmed.
Thunderbird is potentially affected as well, but not in the