Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-0294

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

Related bugs and status

CVE-2006-0294 (Candidate) is related to these bugs:

Bug #41096: update to thunderbird 1.5.0.2

Summary				In	Importance	Status
	41096	update to thunderbird 1.5.0.2		mozilla-thunderbird (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
BID: 16476
SECUNIA: 18700
SECUNIA: 18704
SECTRACK: 1015570
CONFIRM: http://www.mozilla.org...
SECUNIA: 22065
VUPEN: ADV-2006-0413
VUPEN: ADV-2006-3749
XF: mozilla-element-change...
OVAL: oval:org.mitre.oval:de...
HP: HPSBUX02156
HP: SSRT061236