CVE-2006-2781

Published: Jun 2, 2006Modified: Apr 16, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

Affected (2)

Products: Mozilla: Seamonkey, Thunderbird

Mozilla

2 products

Seamonkey

Thunderbird

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Seamonkey	Up to 1.0.1
Mozilla Thunderbird	Up to 1.5.0.3

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (68)

http://rhn.redhat.com/errata/RHSA-2006-0609.html

Source: cve@mitre.org

http://secunia.com/advisories/20382

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/20394

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/20709

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21134

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21178

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21183

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21210

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21269

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21324

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21336

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21607

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21631

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/22065

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016214

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1118

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1134

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2006/mfsa2006-40.html

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0578.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0594.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0611.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435795/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/446657/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18228

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2106

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3749

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26850

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10247

Source: cve@mitre.org

https://usn.ubuntu.com/297-1/

Source: cve@mitre.org

https://usn.ubuntu.com/297-3/

Source: cve@mitre.org

https://usn.ubuntu.com/323-1/

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2006-0609.html