CVE-2006-6500

Name	CVE-2006-6500
Description	Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox (PTS)	sid	125.0.2-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
firefox	source	(unstable)	(not affected)
iceape	source	(unstable)	(not affected)
icedove	source	(unstable)	(not affected)
iceweasel	source	(unstable)	(not affected)
mozilla	source	(unstable)	(not affected)
mozilla-firefox	source	(unstable)	(not affected)
mozilla-thunderbird	source	(unstable)	(not affected)
xulrunner	source	(unstable)	(not affected)

Notes

MFSA-2006-69
- iceweasel <not-affected> (windows only)
- xulrunner <not-affected> (Windows only)
- iceape <not-affected> (windows only)
- firefox <not-affected> (windows only)
- mozilla <not-affected> (windows only)
- mozilla-firefox <not-affected> (windows only)
- mozilla-thunderbird <not-affected> (windows only)
- icedove <not-affected> (windows only)