CVE-2006-1738

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.

Published: 2006-04-14 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-1738 is rated Moderate Risk (48.7/100): CVSS Medium severity, with high exploitation likelihood (EPSS 29.79%, 96th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-1738

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 39.98% 29.79% -10.19%
2 2025-03-29 29.79% 39.98% +10.19%
3 2025-03-17 29.79%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-1738

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2006-1738

OS Trackers for CVE-2006-1738

vendor priority summary link
debian medium CVE-2006-1738 medium priority: Debian including 2 source packages (firefox, thunderbird), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. https://security-tracker.debian.org/tracker/CVE-2006-1738
gentoo normal CVE-2006-1738: 3 GLSA(s) (200604-12, 200604-18, 200605-09), 6 atom(s) (mail-client/mozilla-thunderbird, mail-client/mozilla-thunderbird-bin, www-client/mozilla, www-client/mozilla-bin, www-client/mozilla-firefox, www-client/mozilla-firefox-bin); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-1738
redhat critical https://access.redhat.com/security/cve/CVE-2006-1738
ubuntu medium CVE-2006-1738 medium priority: Ubuntu including 5 source packages (firefox, firefox-granparadiso, lightning-sunbird, midbrowser, mozilla-thunderbird), 20 status rows across 4 suites (dapper, edgy, feisty, upstream): DNE 9, needs-triage 5, released 4, not-affected 2. https://ubuntu.com/security/CVE-2006-1738

Affected software / configurations for CVE-2006-1738

Vendor Product Version Raw CPE
mozilla firefox 1.0 cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
mozilla firefox 1.0.1 cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
mozilla firefox 1.0.2 cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
mozilla firefox 1.0.3 cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
mozilla firefox 1.0.4 cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
mozilla firefox 1.0.5 cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
mozilla firefox 1.0.6 cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
mozilla firefox 1.0.7 cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
mozilla firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
mozilla firefox 1.5 cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
mozilla mozilla_suite 1.7.6 cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
mozilla mozilla_suite 1.7.7 cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
mozilla mozilla_suite 1.7.8 cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
mozilla mozilla_suite 1.7.10 cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
mozilla mozilla_suite 1.7.11 cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
mozilla mozilla_suite 1.7.12 cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
mozilla seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
mozilla seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
mozilla thunderbird 1.0 cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
mozilla thunderbird 1.0.1 cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
mozilla thunderbird 1.0.2 cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
mozilla thunderbird 1.0.3 cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
mozilla thunderbird 1.0.4 cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
mozilla thunderbird 1.0.5 cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
mozilla thunderbird 1.0.5 cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
mozilla thunderbird 1.0.6 cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
mozilla thunderbird 1.0.7 cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
mozilla thunderbird 1.5 cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
mozilla thunderbird 1.5 cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

References for CVE-2006-1738

URL Tags
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
http://secunia.com/advisories/19821
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.kb.cert.org/vuls/id/252324 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html Vendor Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/bid/17516
http://www.us-cert.gov/cas/techalerts/TA06-107A.html US Government Resource
http://www.vupen.com/english/advisories/2006/1356
https://exchange.xforce.ibmcloud.com/vulnerabilities/25811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9405
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/
cvelogic Threat Intelligence