CVE-2006-1730

Upstream information

CVE-2006-1730 at MITRE

Description

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 149024 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SA:2006:021, published Thu, 20 Apr 2006 09:00:00 +0000
• SUSE-SA:2006:022, published Tue, 25 Apr 2006 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	mozilla >= 1.7.8-32 mozilla-calendar >= 1.7.8-32 mozilla-devel >= 1.7.8-32 mozilla-dom-inspector >= 1.7.8-32 mozilla-irc >= 1.7.8-32 mozilla-mail >= 1.7.8-32 mozilla-spellchecker >= 1.7.8-32 mozilla-venkman >= 1.7.8-32 mozilla-xmlterm >= 1.7.8-32	ul1.ppc ul1.x86-64 ul1.s390 slss8.x86 ul1.ia64 YOU Patch Nr: 10951
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	MozillaFirefox >= 1.0.8-0.2 MozillaFirefox-translations >= 1.0.8-0.2	Builds YOU Patch Nr: 10950
SUSE LINUX 10.0	mozilla >= 1.7.11-9.5 mozilla-calendar >= 1.7.11-9.5 mozilla-devel >= 1.7.11-9.5 mozilla-dom-inspector >= 1.7.11-9.5 mozilla-irc >= 1.7.11-9.5 mozilla-mail >= 1.7.11-9.5 mozilla-spellchecker >= 1.7.11-9.5 mozilla-venkman >= 1.7.11-9.5
SUSE LINUX 9.3	mozilla >= 1.7.5-17.10 mozilla-32bit >= 9.3-7.4 mozilla-calendar >= 1.7.5-17.10 mozilla-devel >= 1.7.5-17.10 mozilla-dom-inspector >= 1.7.5-17.10 mozilla-irc >= 1.7.5-17.10 mozilla-mail >= 1.7.5-17.10 mozilla-spellchecker >= 1.7.5-17.10 mozilla-venkman >= 1.7.5-17.10
SUSE LINUX 10.0 SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64 SUSE LINUX 9.2 SUSE LINUX 9.3	MozillaFirefox >= 1.0.8-0.2 MozillaFirefox-translations >= 1.0.8-0.2
Novell Linux Desktop 9 for x86	mozilla >= 1.7.8-5.20 mozilla-cs >= 1.7.5-4.6 mozilla-deat >= 1.7.6-0.6 mozilla-devel >= 1.7.8-5.20 mozilla-dom-inspector >= 1.7.8-5.20 mozilla-hu >= 1.78-0.7 mozilla-irc >= 1.7.8-5.20 mozilla-ja >= 1.7.7-0.7 mozilla-ko >= 1.75-0.7 mozilla-mail >= 1.7.8-5.20 mozilla-venkman >= 1.7.8-5.20	core9.s390 core9.x86-64 core9.ia64 core9.x86 core9.ppc YOU Patch Nr: 10953
Novell Linux Desktop 9 for x86_64	mozilla >= 1.7.8-5.20 mozilla-cs >= 1.7.5-4.6 mozilla-deat >= 1.7.6-0.6 mozilla-devel >= 1.7.8-5.20 mozilla-dom-inspector >= 1.7.8-5.20 mozilla-hu >= 1.78-0.7 mozilla-irc >= 1.7.8-5.20 mozilla-ja >= 1.7.7-0.7 mozilla-ko >= 1.75-0.7 mozilla-lib64 >= 1.6-0.5 mozilla-mail >= 1.7.8-5.20 mozilla-venkman >= 1.7.8-5.20	core9.s390 core9.x86-64 core9.ia64 core9.x86 core9.ppc YOU Patch Nr: 10953
Open Enterprise Server	mozilla >= 1.7.8-5.20 mozilla-calendar >= 1.7.8-5.20 mozilla-cs >= 1.7.5-4.6 mozilla-deat >= 1.7.6-0.6 mozilla-devel >= 1.7.8-5.20 mozilla-dom-inspector >= 1.7.8-5.20 mozilla-hu >= 1.78-0.7 mozilla-irc >= 1.7.8-5.20 mozilla-ja >= 1.7.7-0.7 mozilla-ko >= 1.75-0.7 mozilla-mail >= 1.7.8-5.20 mozilla-venkman >= 1.7.8-5.20	core9.s390 core9.x86-64 core9.ia64 core9.x86 core9.ppc YOU Patch Nr: 10953
SUSE LINUX 10.0 SUSE LINUX 9.2 SUSE LINUX 9.3	MozillaThunderbird >= 1.0.8-0.2
SUSE LINUX 9.1 for IA32 SUSE LINUX 9.1 for x86-64	MozillaThunderbird >= 1.0.8-0.1
SuSE Linux Desktop 1.0	mozilla >= 1.7.8-32 mozilla-deat >= 1.7.6-6 mozilla-irc >= 1.7.8-32 mozilla-mail >= 1.7.8-32	Builds