CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.

🔗 References (114)

• secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
• secalert@redhathttp://secunia.com/advisories/21906
• secalert@redhathttp://secunia.com/advisories/21915
• secalert@redhathttp://secunia.com/advisories/21916
• secalert@redhathttp://secunia.com/advisories/21939
• secalert@redhathttp://secunia.com/advisories/21940
• secalert@redhathttp://secunia.com/advisories/21949
• secalert@redhathttp://secunia.com/advisories/21950
• secalert@redhathttp://secunia.com/advisories/22001
• secalert@redhathttp://secunia.com/advisories/22025
• secalert@redhathttp://secunia.com/advisories/22036
• secalert@redhathttp://secunia.com/advisories/22055
• secalert@redhathttp://secunia.com/advisories/22056
• secalert@redhathttp://secunia.com/advisories/22066
• secalert@redhathttp://secunia.com/advisories/22074