{"vuid":"VU#928956","idnumber":"928956","name":"Mozilla SVG memory corruption vulnerability","keywords":["Mozilla","remote code execution","SVG comment","DOM node","memory corruption","mozilla_20061219","MFSA 2006-73"],"overview":"Mozilla products contain a memory corruption vulnerability related to SVG processing. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Scalable Vector Graphics (SVG) processing code in Mozilla Firefox and SeaMonkey contains a memory corruption vulnerability. According to Mozilla Foundation Security Advisory 2006-73: Appending an SVG comment DOM node from one document into another type of document such as HTML in some cases results in a crash due to memory corruption that can be exploited to run arbitrary code. This flaw was introduced in the Firefox 1.5.0.4 release, prior versions are unaffected.","impact":"By convincing a user to visit a specially crafted website, a remote, unauthenticated attacker may be able to execute arbitrary code.","resolution":"Upgrade Mozilla has addressed these vulnerabilities in Firefox 2.0.0.1, Firefox 1.5.0.9 and SeaMonkey 1.0.7.","workarounds":"Workaround Disable JavaScript For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.","sysaffected":"","thanks":"This vulnerability was reported by Mozilla who in turn credits TippingPoint and the Zero Day Initiative.","author":"This document was written by Katie Steiner.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-73.html","http://www.zerodayinitiative.com/advisories/ZDI-06-051.html","https://bugzilla.mozilla.org/show_bug.cgi?id=360021","http://secunia.com/advisories/23420/","http://secunia.com/advisories/23591/","http://secunia.com/advisories/23598/","http://secunia.com/advisories/23439/","http://secunia.com/advisories/23514/","http://secunia.com/advisories/23545/","http://secunia.com/advisories/23601/","http://secunia.com/advisories/23614/","http://secunia.com/advisories/23618/","http://secunia.com/advisories/23692/","http://www.securityfocus.com/bid/21668"],"cveids":["CVE-2006-6504"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-20T20:42:13Z","publicdate":"2006-12-19T00:00:00Z","datefirstpublished":"2006-12-20T22:57:22Z","dateupdated":"2007-02-07T18:37:12Z","revision":33,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"26.775","cam_scorecurrentwidelyknown":"33.46875","cam_scorecurrentwidelyknownexploited":"60.24375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":26.775,"vulnote":null}