// For flags

CVE-2006-6503

 

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos evitar la protección de secuencias de comandos en sitios cruzados (XSS) cambiando el atributo src de un elemento IMG a javascript: URI.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-12-13 CVE Reserved
  • 2006-12-20 CVE Published
  • 2024-07-01 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-254: 7PK - Security Features
CAPEC
References (55)
URL Tag Source
http://secunia.com/advisories/23282 Third Party Advisory
http://secunia.com/advisories/23420 Third Party Advisory
http://secunia.com/advisories/23422 Third Party Advisory
http://secunia.com/advisories/23433 Third Party Advisory
http://secunia.com/advisories/23439 Third Party Advisory
http://secunia.com/advisories/23440 Third Party Advisory
http://secunia.com/advisories/23468 Third Party Advisory
http://secunia.com/advisories/23514 Third Party Advisory
http://secunia.com/advisories/23545 Third Party Advisory
http://secunia.com/advisories/23589 Third Party Advisory
http://secunia.com/advisories/23591 Third Party Advisory
http://secunia.com/advisories/23598 Third Party Advisory
http://secunia.com/advisories/23601 Third Party Advisory
http://secunia.com/advisories/23614 Third Party Advisory
http://secunia.com/advisories/23618 Third Party Advisory
http://secunia.com/advisories/23672 Third Party Advisory
http://secunia.com/advisories/23692 Third Party Advisory
http://secunia.com/advisories/23988 Third Party Advisory
http://secunia.com/advisories/24078 Third Party Advisory
http://secunia.com/advisories/24390 Third Party Advisory
http://securitytracker.com/id?1017414 Third Party Advisory
http://securitytracker.com/id?1017415 Third Party Advisory
http://securitytracker.com/id?1017416 Third Party Advisory
http://www.kb.cert.org/vuls/id/405092 Third Party Advisory
http://www.securityfocus.com/archive/1/455145/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/455728/100/200/threaded Mailing List
http://www.securityfocus.com/bid/21668 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-354A.html Third Party Advisory
http://www.vupen.com/english/advisories/2006/5068 Third Party Advisory
http://www.vupen.com/english/advisories/2008/0083 Third Party Advisory
https://issues.rpath.com/browse/RPL-883 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895 Signature
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
>= 1.5 < 1.5.0.9
Search vendor "Mozilla" for product "Firefox" and version " >= 1.5 < 1.5.0.9"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
>= 2.0 < 2.0.0.1
Search vendor "Mozilla" for product "Firefox" and version " >= 2.0 < 2.0.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
< 1.0.7
Search vendor "Mozilla" for product "Seamonkey" and version " < 1.0.7"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
< 1.5.0.9
Search vendor "Mozilla" for product "Thunderbird" and version " < 1.5.0.9"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
3.1
Search vendor "Debian" for product "Debian Linux" and version "3.1"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
5.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "5.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected