Vulnerability details: VCID-j39v-x5xz-aaad
Vulnerability ID VCID-j39v-x5xz-aaad
Aliases CVE-2006-2783
Summary Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2006:0578
rhas Critical https://access.redhat.com/errata/RHSA-2006:0594
rhas Critical https://access.redhat.com/errata/RHSA-2006:0609
rhas Critical https://access.redhat.com/errata/RHSA-2006:0610
rhas Critical https://access.redhat.com/errata/RHSA-2006:0611
epss 0.04101 https://api.first.org/data/v1/epss?cve=CVE-2006-2783
epss 0.04296 https://api.first.org/data/v1/epss?cve=CVE-2006-2783
epss 0.09192 https://api.first.org/data/v1/epss?cve=CVE-2006-2783
epss 0.14105 https://api.first.org/data/v1/epss?cve=CVE-2006-2783
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1618117
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2006-2783
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2006-42
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://rhn.redhat.com/errata/RHSA-2006-0609.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2783.json
https://api.first.org/data/v1/epss?cve=CVE-2006-2783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
http://secunia.com/advisories/20376
http://secunia.com/advisories/20382
http://secunia.com/advisories/20561
http://secunia.com/advisories/20709
http://secunia.com/advisories/21134
http://secunia.com/advisories/21176
http://secunia.com/advisories/21178
http://secunia.com/advisories/21183
http://secunia.com/advisories/21188
http://secunia.com/advisories/21210
http://secunia.com/advisories/21269
http://secunia.com/advisories/21270
http://secunia.com/advisories/21324
http://secunia.com/advisories/21336
http://secunia.com/advisories/21532
http://secunia.com/advisories/21607
http://secunia.com/advisories/21631
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://secunia.com/advisories/31074
http://secunia.com/advisories/35379
http://securitytracker.com/id?1016202
http://securitytracker.com/id?1016214
https://exchange.xforce.ibmcloud.com/vulnerabilities/26852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10772
http://support.apple.com/kb/HT3613
https://usn.ubuntu.com/296-1/
https://usn.ubuntu.com/296-2/
https://usn.ubuntu.com/297-1/
https://usn.ubuntu.com/297-3/
https://usn.ubuntu.com/323-1/
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://www.mozilla.org/security/announce/2006/mfsa2006-42.html
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.redhat.com/support/errata/RHSA-2006-0578.html
http://www.redhat.com/support/errata/RHSA-2006-0594.html
http://www.redhat.com/support/errata/RHSA-2006-0610.html
http://www.redhat.com/support/errata/RHSA-2006-0611.html
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/2094/references
http://www.vupen.com/english/advisories/2009/1522
1618117 https://bugzilla.redhat.com/show_bug.cgi?id=1618117
535793 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2006-2783 https://nvd.nist.gov/vuln/detail/CVE-2006-2783
GLSA-200606-12 https://security.gentoo.org/glsa/200606-12
GLSA-200606-21 https://security.gentoo.org/glsa/200606-21
mfsa2006-42 https://www.mozilla.org/en-US/security/advisories/mfsa2006-42
RHSA-2006:0578 https://access.redhat.com/errata/RHSA-2006:0578
RHSA-2006:0594 https://access.redhat.com/errata/RHSA-2006:0594
RHSA-2006:0609 https://access.redhat.com/errata/RHSA-2006:0609
RHSA-2006:0610 https://access.redhat.com/errata/RHSA-2006:0610
RHSA-2006:0611 https://access.redhat.com/errata/RHSA-2006:0611
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2006-2783
Exploit Prediction Scoring System (EPSS)
Percentile 0.87992
EPSS Score 0.04101
Published At May 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.