RedhatCVE-2006-3803CVE-2006-3803
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.7%
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.1 | cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.2 | cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.3 | cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.4 | cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* |
| mozilla | seamonkey | 1.0 | cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* |
| mozilla | seamonkey | 1.0 | cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* |
| mozilla | seamonkey | 1.0.1 | cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* |
| mozilla | seamonkey | 1.0.2 | cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* |
| mozilla | thunderbird | 1.5 | cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:* |
References
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
rhn.redhat.com/errata/RHSA-2006-0609.html
secunia.com/advisories/19873
secunia.com/advisories/21216
secunia.com/advisories/21228
secunia.com/advisories/21229
secunia.com/advisories/21243
secunia.com/advisories/21246
secunia.com/advisories/21250
secunia.com/advisories/21262
secunia.com/advisories/21269
secunia.com/advisories/21270
secunia.com/advisories/21275
secunia.com/advisories/21336
secunia.com/advisories/21343
secunia.com/advisories/21358
secunia.com/advisories/21361
secunia.com/advisories/21529
secunia.com/advisories/21532
secunia.com/advisories/21607
secunia.com/advisories/21631
secunia.com/advisories/22055
secunia.com/advisories/22065
secunia.com/advisories/22066
secunia.com/advisories/22210
security.gentoo.org/glsa/glsa-200608-02.xml
security.gentoo.org/glsa/glsa-200608-04.xml
securitytracker.com/id?1016586
securitytracker.com/id?1016587
securitytracker.com/id?1016588
www.gentoo.org/security/en/glsa/glsa-200608-03.xml
www.kb.cert.org/vuls/id/265964
www.mandriva.com/security/advisories?name=MDKSA-2006:143
www.mandriva.com/security/advisories?name=MDKSA-2006:145
www.mandriva.com/security/advisories?name=MDKSA-2006:146
www.mozilla.org/security/announce/2006/mfsa2006-48.html
www.novell.com/linux/security/advisories/2006_48_seamonkey.html
www.redhat.com/support/errata/RHSA-2006-0594.html
www.redhat.com/support/errata/RHSA-2006-0608.html
www.redhat.com/support/errata/RHSA-2006-0610.html
www.redhat.com/support/errata/RHSA-2006-0611.html
www.securityfocus.com/archive/1/441333/100/0/threaded
www.securityfocus.com/archive/1/446657/100/200/threaded
www.securityfocus.com/archive/1/446658/100/200/threaded
www.securityfocus.com/bid/19181
www.ubuntu.com/usn/usn-350-1
www.ubuntu.com/usn/usn-354-1
www.us-cert.gov/cas/techalerts/TA06-208A.html
www.vupen.com/english/advisories/2006/2998
www.vupen.com/english/advisories/2006/3748
www.vupen.com/english/advisories/2006/3749
www.vupen.com/english/advisories/2008/0083
exchange.xforce.ibmcloud.com/vulnerabilities/27984
issues.rpath.com/browse/RPL-536
issues.rpath.com/browse/RPL-537
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10635
usn.ubuntu.com/327-1/
usn.ubuntu.com/329-1/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.7%