CVE-2006-2779

Name: CVE-2006-2779
Creator: NVD / NIST
Published: 2006-06-02T19:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.83%

Last modified Jun 16, 2026

CVE-2006-2779 is a vulnerability of currently unknown severity. Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.. EPSS estimates a 6.83% chance of exploitation in the next 30 days.

Description

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

Metrics

EPSS Probability

6.83%

93.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Mozilla	Firefox	0.8
Mozilla	Firefox	0.9
Mozilla	Firefox	0.9.1
Mozilla	Firefox	0.9.2
Mozilla	Firefox	0.9.3
Mozilla	Firefox	0.10
Mozilla	Firefox	0.10.1
Mozilla	Firefox	1.0
Mozilla	Firefox	1.0.1
Mozilla	Firefox	1.0.2
Mozilla	Firefox	1.0.3
Mozilla	Firefox	1.0.4
Mozilla	Firefox	1.0.5
Mozilla	Firefox	1.0.6
Mozilla	Firefox	1.0.7
Mozilla	Firefox	1.0.8
Mozilla	Firefox	1.5
Mozilla	Firefox	1.5.0.2
Mozilla	Firefox	1.5.1
Mozilla	Firefox	1.5.2
Mozilla	Firefox	1.5.3
Mozilla	Firefox	preview_release
Mozilla	Thunderbird	0.6
Mozilla	Thunderbird	0.7
Mozilla	Thunderbird	0.7.1
Mozilla	Thunderbird	0.7.2
Mozilla	Thunderbird	0.7.3
Mozilla	Thunderbird	0.8
Mozilla	Thunderbird	0.9
Mozilla	Thunderbird	1.0
Mozilla	Thunderbird	1.0.1
Mozilla	Thunderbird	1.0.2
Mozilla	Thunderbird	1.0.5
Mozilla	Thunderbird	1.0.6
Mozilla	Thunderbird	1.0.7
Mozilla	Thunderbird	1.0.8
Mozilla	Thunderbird	1.5
Mozilla	Thunderbird	1.5.1
Mozilla	Thunderbird	1.5.2

References

http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
http://secunia.com/advisories/20376Patch, Vendor Advisory
http://secunia.com/advisories/20382Patch, Vendor Advisory
http://secunia.com/advisories/20561Patch, Vendor Advisory
http://secunia.com/advisories/20709
http://secunia.com/advisories/21134Vendor Advisory
http://secunia.com/advisories/21176Vendor Advisory
http://secunia.com/advisories/21178Vendor Advisory
http://secunia.com/advisories/21183Vendor Advisory
http://secunia.com/advisories/21188Vendor Advisory
http://secunia.com/advisories/21210Vendor Advisory
http://secunia.com/advisories/21269Vendor Advisory
http://secunia.com/advisories/21270Vendor Advisory
http://secunia.com/advisories/21324Vendor Advisory
http://secunia.com/advisories/21336Vendor Advisory
http://secunia.com/advisories/21532Vendor Advisory
http://secunia.com/advisories/21607Vendor Advisory
http://secunia.com/advisories/21631Vendor Advisory
http://secunia.com/advisories/21634Vendor Advisory
http://secunia.com/advisories/21654Vendor Advisory
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://secunia.com/advisories/27216
http://securitytracker.com/id?1016202Patch
http://securitytracker.com/id?1016214Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.debian.org/security/2006/dsa-1159
http://www.debian.org/security/2006/dsa-1160
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xmlPatch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
http://www.kb.cert.org/vuls/id/466673US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.redhat.com/support/errata/RHSA-2006-0578.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0594.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0610.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0611.htmlVendor Advisory
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.us-cert.gov/cas/techalerts/TA06-153A.htmlPatch, US Government Resource
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2007/3488
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762
https://usn.ubuntu.com/296-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/297-3/
https://usn.ubuntu.com/323-1/
http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
http://secunia.com/advisories/20376Patch, Vendor Advisory
http://secunia.com/advisories/20382Patch, Vendor Advisory
http://secunia.com/advisories/20561Patch, Vendor Advisory
http://secunia.com/advisories/20709
http://secunia.com/advisories/21134Vendor Advisory
http://secunia.com/advisories/21176Vendor Advisory
http://secunia.com/advisories/21178Vendor Advisory
http://secunia.com/advisories/21183Vendor Advisory
http://secunia.com/advisories/21188Vendor Advisory
http://secunia.com/advisories/21210Vendor Advisory
http://secunia.com/advisories/21269Vendor Advisory
http://secunia.com/advisories/21270Vendor Advisory
http://secunia.com/advisories/21324Vendor Advisory
http://secunia.com/advisories/21336Vendor Advisory
http://secunia.com/advisories/21532Vendor Advisory
http://secunia.com/advisories/21607Vendor Advisory
http://secunia.com/advisories/21631Vendor Advisory
http://secunia.com/advisories/21634Vendor Advisory
http://secunia.com/advisories/21654Vendor Advisory
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://secunia.com/advisories/27216
http://securitytracker.com/id?1016202Patch
http://securitytracker.com/id?1016214Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102943-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200387-1
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.debian.org/security/2006/dsa-1159
http://www.debian.org/security/2006/dsa-1160
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xmlPatch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
http://www.kb.cert.org/vuls/id/466673US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://www.mozilla.org/security/announce/2006/mfsa2006-32.html
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.redhat.com/support/errata/RHSA-2006-0578.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0594.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0610.htmlVendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0611.htmlVendor Advisory
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.us-cert.gov/cas/techalerts/TA06-153A.htmlPatch, US Government Resource
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2007/3488
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/26843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9762
https://usn.ubuntu.com/296-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/297-3/
https://usn.ubuntu.com/323-1/

Timeline

Published: Jun 2, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-2779?

How severe is CVE-2006-2779?

Severity scoring for CVE-2006-2779 is pending analysis. The EPSS model estimates a 6.83% probability of exploitation in the next 30 days.

How do I fix CVE-2006-2779?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-2779?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST