CVE-2006-6498

NameCVE-2006-6498
DescriptionMultiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1253-1, DSA-1258-1, DSA-1265-1
NVD severitymedium (attack range: remote, user-initiated)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iceape (PTS)squeeze (security)2.0.11-17fixed
icedove (PTS)squeeze (security), squeeze3.0.11-1+squeeze15fixed
wheezy31.3.0-1~deb7u1fixed
wheezy (security)31.5.0-1~deb7u1fixed
jessie31.4.0-2fixed
sid31.5.0-1fixed
iceweasel (PTS)squeeze (security), squeeze3.5.16-20fixed
wheezy31.3.0esr-1~deb7u1fixed
wheezy (security)31.5.0esr-1~deb7u1fixed
jessie, sid31.5.0esr-1fixed
xulrunner (PTS)wheezy, wheezy (security)24.8.1esr-2~deb7u1fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)(unfixed)high
iceapesource(unstable)1.0.7-1high
icedovesource(unstable)1.5.0.9.dfsg1-1low
iceweaselsource(unstable)2.0.0.1+dfsg-1high
mozillasource(unstable)(unfixed)high
mozillasourcesarge2:1.7.8-1sarge10mediumDSA-1265-1
mozilla-firefoxsource(unstable)(unfixed)high
mozilla-firefoxsourcesarge1.0.4-2sarge15mediumDSA-1253-1
mozilla-thunderbirdsource(unstable)(unfixed)low
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.8e.2mediumDSA-1258-1
xulrunnersource(unstable)1.8.0.9-1high

Notes

MFSA-2006-68

Search for package or bug name: Reporting problems