FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3804

This CVE name corresponds to:

Entered Topic
2006-07-27 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-3804 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-3804
Phase Assigned(20060724)

Description

Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.

References

Source Reference
CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
CONFIRM https://issues.rpath.com/browse/RPL-537
GENTOO GLSA-200608-02
GENTOO GLSA-200608-04
HP HPSBUX02156
HP SSRT061236
MANDRIVA MDKSA-2006:143
MANDRIVA MDKSA-2006:145
MANDRIVA MDKSA-2006:146
REDHAT RHSA-2006:0608
REDHAT RHSA-2006:0611
REDHAT RHSA-2006:0609
REDHAT RHSA-2006:0594
SGI 20060703-01-P
SUNALERT 102763
SUSE SUSE-SA:2006:048
UBUNTU USN-329-1
UBUNTU USN-350-1
CERT TA06-208A
CERT-VN VU#897540
BID 19181
OVAL oval:org.mitre.oval:def:11395
VUPEN ADV-2006-2998
VUPEN ADV-2007-0058
VUPEN ADV-2006-3749
SECTRACK 1016587
SECTRACK 1016588
SECUNIA 21228
SECUNIA 21229
SECUNIA 21246
SECUNIA 21269
SECUNIA 21275
SECUNIA 21336
SECUNIA 21358
SECUNIA 21250
SECUNIA 21262
SECUNIA 21343
SECUNIA 21529
SECUNIA 21532
SECUNIA 21607
SECUNIA 21631
SECUNIA 22055
SECUNIA 22065
XF mozilla-vcard-base64-bo(27985)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.