CVE-2006-6503

Severity

68%

Complexity

86%

Confidentiality

106%

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-12-20 01:28:00

Last updated 6 years ago

2018-10-17 21:48:00

Affected Software

Mozilla Firefox

Mozilla SeaMonkey

Mozilla Thunderbird

Debian Debian Linux 3.1

3.1

Debian GNU/Linux 4.0

4.0

Canonical Ubuntu Linux 5.10

5.10

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 6.10

6.10

References

20061202-01-P

Broken Link

FEDORA-2006-1491

Broken Link

FEDORA-2007-004

Broken Link

HPSBUX02153

Broken Link

RHSA-2006:0758

Third Party Advisory

RHSA-2006:0759

Third Party Advisory

RHSA-2006:0760

Third Party Advisory

23282

Third Party Advisory

23420

Third Party Advisory

23422

Third Party Advisory

23433

Third Party Advisory

23439

Third Party Advisory

23440

Third Party Advisory

23468

Third Party Advisory

23514

Third Party Advisory

23545

Third Party Advisory

23589

Third Party Advisory

23591

Third Party Advisory

23598

Third Party Advisory

23601

Third Party Advisory

23614

Third Party Advisory

23618

Third Party Advisory

23672

Third Party Advisory

23692

Third Party Advisory

23988

Third Party Advisory

24078

Third Party Advisory

24390

Third Party Advisory

GLSA-200701-02

Third Party Advisory

1017414

Third Party Advisory, VDB Entry

1017415

Third Party Advisory, VDB Entry

1017416

Third Party Advisory, VDB Entry

DSA-1253

Third Party Advisory

DSA-1258

Third Party Advisory

DSA-1265

Third Party Advisory

GLSA-200701-03

Third Party Advisory

GLSA-200701-04

Third Party Advisory

VU#405092

Third Party Advisory, US Government Resource

MDKSA-2007:010

Third Party Advisory

MDKSA-2007:011

Third Party Advisory

http://www.mozilla.org/security/announce/2006/mfsa2006-72.html

Vendor Advisory

SUSE-SA:2006:080

Broken Link

SUSE-SA:2007:006

Broken Link

20061222 rPSA-2006-0234-1 firefox

20070102 rPSA-2006-0234-2 firefox thunderbird

21668

Third Party Advisory, VDB Entry

USN-398-1

Third Party Advisory

USN-398-2

Third Party Advisory

USN-400-1

Third Party Advisory

TA06-354A

Third Party Advisory, US Government Resource

ADV-2006-5068

Third Party Advisory

ADV-2008-0083

Third Party Advisory

https://issues.rpath.com/browse/RPL-883

Broken Link

oval:org.mitre.oval:def:10895

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.