{"vuid":"VU#606260","idnumber":"606260","name":"Mozilla Layout Engine vulnerability","keywords":["Mozilla","DoS","denial of service","memory corruption","crash","mozilla_20061219"],"overview":"A vulnerability exists in the Mozilla Layout Engine that may allow a remote attacker to compromise a vulnerable system.","clean_desc":"The Mozilla Layout Engine contains an unspecified vulnerability that may result in memory corruption. The impact of this memory corruption is unclear. According to Mozilla Foundation Security Advisory 2006-68: Some of these were crashes that showed evidence of memory corruption and we presume that at least some of these could be exploited to run arbitrary code with enough effort.","impact":"The specific consequences of this vulnerability are not clear, but may include execution of arbitrary code and denial of service.","resolution":"Apply an update\nAccording to the Mozilla Foundation Security Update 2006-68, this vulnerability is addressed in Firefox 2.0.0.1, Firefox 1.5.0.9, Thunderbird 1.5.0.9, and SeaMonkey 1.0.7.","workarounds":"Disable JavaScript For instructions on how to disable JavaScript in Firefox, please refer to the Firefox section of the Securing Your Web Browser document.","sysaffected":"","thanks":"This vulnerability was reported in Mozilla Foundation Security Advisory \n2006-68\n. Mozilla credits \nAndrew Miller, David Baron, Georgi Guninski, Jesse Ruderman, Olli Pettay and Vladimir Vukicevic \nwith providing information about this issue.","author":"This document was written by Chris Taschner.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-68.html","https://bugzilla.mozilla.org/show_bug.cgi?id=322345","https://bugzilla.mozilla.org/show_bug.cgi?id=335047","https://bugzilla.mozilla.org/show_bug.cgi?id=339494","https://bugzilla.mozilla.org/show_bug.cgi?id=348304","https://bugzilla.mozilla.org/show_bug.cgi?id=354766","https://bugzilla.mozilla.org/show_bug.cgi?id=359203","https://bugzilla.mozilla.org/show_bug.cgi?id=360293","https://bugzilla.mozilla.org/show_bug.cgi?id=360642","http://secunia.com/advisories/23420/","http://secunia.com/advisories/23591/","http://secunia.com/advisories/23598/","http://secunia.com/advisories/23439/","http://secunia.com/advisories/23514/","http://secunia.com/advisories/23545/","http://secunia.com/advisories/23601/","http://secunia.com/advisories/23614/","http://secunia.com/advisories/23618/","http://secunia.com/advisories/23692/","http://secunia.com/advisories/23988/","http://secunia.com/advisories/23420/","http://secunia.com/advisories/23591/","http://secunia.com/advisories/23598/","http://www.securityfocus.com/bid/21668"],"cveids":["CVE-2006-6497"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-20T20:01:48Z","publicdate":"2006-12-19T00:00:00Z","datefirstpublished":"2006-12-20T22:07:26Z","dateupdated":"2007-02-07T18:43:33Z","revision":34,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"17","cam_impact":"3","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.131","cam_scorecurrentwidelyknown":"5.2785","cam_scorecurrentwidelyknownexploited":"9.8685","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.131,"vulnote":null}