CVE-2006-6971

Published: Feb 7, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 2.0.0.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://sla.ckers.org/forum/read.php?13%2C2253

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=356355

Source: cve@mitre.org

Exploit

http://sla.ckers.org/forum/read.php?13%2C2253

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=356355

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.