CVE-2006-4566

Publication date 15 September 2006

Last updated 17 July 2025

Ubuntu priority

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
firefox-3.0	7.10 gutsy	Fixed 3.0~alpha7-0ubuntu6
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
lightning-sunbird	7.10 gutsy	Fixed 0.5-0ubuntu4
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
midbrowser	7.10 gutsy	Fixed 0.1.6b-0ubuntu2
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
mozilla-thunderbird	7.10 gutsy	Not in release
	7.04 feisty	Fixed 1.5.0.13-0ubuntu0.7.04
	6.10 edgy	Fixed 1.5.0.13-0ubuntu0.6.10
	6.06 LTS dapper	Fixed 1.5.0.13-0ubuntu0.6.06
xulrunner	7.10 gutsy	Fixed 1.8.0.10-3ubuntu1
	7.04 feisty	Fixed 1.8.0.10-3ubuntu1
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-351-1
firefox vulnerabilities
23 September 2006

USN-350-1
Thunderbird vulnerabilities
22 September 2006

USN-352-1
Thunderbird vulnerabilities
25 September 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-4566