CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ([), which leads to a buffer over-read.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	1.5.0.6 (including)
Seamonkey	Mozilla	*	1.0.4 (including)
Thunderbird	Mozilla	*	1.5.0.6 (including)
Red Hat Enterprise Linux 3	RedHat	seamonkey-0:1.0.5-0.1.el3	*
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.5.0.7-0.1.el4	*
Red Hat Enterprise Linux 4	RedHat	devhelp-0:0.10-0.4.el4	*
Red Hat Enterprise Linux 4	RedHat	seamonkey-0:1.0.5-0.1.el4	*
Red Hat Enterprise Linux 4	RedHat	thunderbird-0:1.5.0.7-0.1.el4	*
Firefox	Ubuntu	dapper	*
Firefox-3.0	Ubuntu	devel	*
Firefox-3.0	Ubuntu	gutsy	*
Lightning-sunbird	Ubuntu	devel	*
Lightning-sunbird	Ubuntu	gutsy	*
Midbrowser	Ubuntu	devel	*
Midbrowser	Ubuntu	gutsy	*
Mozilla-thunderbird	Ubuntu	dapper	*
Mozilla-thunderbird	Ubuntu	edgy	*
Mozilla-thunderbird	Ubuntu	feisty	*
Xulrunner	Ubuntu	devel	*
Xulrunner	Ubuntu	edgy	*
Xulrunner	Ubuntu	feisty	*
Xulrunner	Ubuntu	gutsy	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4566
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References