CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.2%
The Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
Garbage collection
According to Mozilla:
Garbage collection is generally used to refer to algorithms that (1) determine which objects are still needed by starting from a set of roots and finding all objects reachable from those objects and (2) returning all remaining objects to the heap. The roots include things like global variables and variables on the current call stack. Mozilla’s JavaScript engine uses one of the most common garbage collection algorithms, mark and sweep, in which the garbage collector clears the mark bit on each object, sets the mark bits on all roots and all objects reachable from them, and then finalizes all objects not marked and returns the memory they used to the heap.
The problem
In some situations, garbage collection could delete an object that was in active use.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash.
Apply an update
This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3 according to the Mozilla Foundation Security Update 2006-50.
Disable JavaScript
This vulnerability can be mitigated by disabling JavaScript.
876420
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: July 27, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Mozilla Foundation Security Advisory 2006-50.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23876420 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by the Mozilla Foundation, who in turn credit Igor Bukanov and shutdown.
This document was written by Will Dormann.
CVE IDs: | CVE-2006-3805 |
---|---|
Severity Metric: | 6.71 Date Public: |
secunia.com/advisories/19873/
secunia.com/advisories/21216/
secunia.com/advisories/21228/
secunia.com/advisories/21229/
www.mozilla.org/security/announce/2006/mfsa2006-50.html
www.securityfocus.com/bid/19181
bugzilla.mozilla.org/show_bug.cgi?id=324117
bugzilla.mozilla.org/show_bug.cgi?id=325425
bugzilla.mozilla.org/show_bug.cgi?id=338804
bugzilla.mozilla.org/show_bug.cgi?id=339785
bugzilla.mozilla.org/show_bug.cgi?id=340129
bugzilla.mozilla.org/show_bug.cgi?id=341877
bugzilla.mozilla.org/show_bug.cgi?id=341956
issues.rpath.com/browse/RPL-537