Lucene search

RedhatCVE-2006-3811

HistoryJul 27, 2006 - 8:04 p.m.

CVE-2006-3811

2006-07-2720:04:00

redhat

web.nvd.nist.gov

mozilla firefox

thunderbird

seamonkey

cve-2006-3811

remote code execution

memory corruption

denial of service

javascript

buffer overflow

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.686

Percentile

98.0%

JSON

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) “anonymous box selectors outside of UA stylesheets,” (5) stale references to “removed nodes,” and (6) running the crypto.generateCRMFRequest callback on deleted context.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0dev

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillathunderbirdMatch1.5

mozillathunderbirdMatch1.5.0.2

mozillathunderbirdMatch1.5.0.4

VendorProductVersionCPE
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
mozillafirefox1.5.0.1cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
mozillafirefox1.5.0.2cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
mozillafirefox1.5.0.3cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
mozillafirefox1.5.0.4cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
mozillaseamonkey1.0.1cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
mozillaseamonkey1.0.2cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
mozillathunderbird1.5cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:::::::*
mozilla	firefox	1.5.0.1	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
mozilla	firefox	1.5.0.2	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
mozilla	firefox	1.5.0.3	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
mozilla	firefox	1.5.0.4	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
mozilla	seamonkey	1.0.1	cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
mozilla	seamonkey	1.0.2	cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
mozilla	thunderbird	1.5	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*

Rows per page:

1-10 of 121

References

ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

rhn.redhat.com/errata/RHSA-2006-0609.html

secunia.com/advisories/19873

secunia.com/advisories/21216

secunia.com/advisories/21228

secunia.com/advisories/21229

secunia.com/advisories/21243

secunia.com/advisories/21246

secunia.com/advisories/21250

secunia.com/advisories/21262

secunia.com/advisories/21269

secunia.com/advisories/21270

secunia.com/advisories/21275

secunia.com/advisories/21336

secunia.com/advisories/21343

secunia.com/advisories/21358

secunia.com/advisories/21361

secunia.com/advisories/21529

secunia.com/advisories/21532

secunia.com/advisories/21607

secunia.com/advisories/21631

secunia.com/advisories/21675

secunia.com/advisories/22055

secunia.com/advisories/22065

secunia.com/advisories/22066

secunia.com/advisories/22210

secunia.com/advisories/22342

secunia.com/advisories/25839

security.gentoo.org/glsa/glsa-200608-02.xml

security.gentoo.org/glsa/glsa-200608-04.xml

securitytracker.com/id?1016586

securitytracker.com/id?1016587

securitytracker.com/id?1016588

sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1

www.debian.org/security/2006/dsa-1161

www.gentoo.org/security/en/glsa/glsa-200608-03.xml

www.kb.cert.org/vuls/id/527676

www.mandriva.com/security/advisories?name=MDKSA-2006:143

www.mandriva.com/security/advisories?name=MDKSA-2006:145

www.mandriva.com/security/advisories?name=MDKSA-2006:146

www.mozilla.org/security/announce/2006/mfsa2006-55.html

www.novell.com/linux/security/advisories/2006_48_seamonkey.html

www.redhat.com/support/errata/RHSA-2006-0594.html

www.redhat.com/support/errata/RHSA-2006-0608.html

www.redhat.com/support/errata/RHSA-2006-0610.html

www.redhat.com/support/errata/RHSA-2006-0611.html

www.securityfocus.com/archive/1/441333/100/0/threaded

www.securityfocus.com/archive/1/446657/100/200/threaded

www.securityfocus.com/archive/1/446658/100/200/threaded

www.securityfocus.com/bid/19181

www.ubuntu.com/usn/usn-350-1

www.ubuntu.com/usn/usn-354-1

www.ubuntu.com/usn/usn-361-1

www.us-cert.gov/cas/techalerts/TA06-208A.html

www.vupen.com/english/advisories/2006/2998

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2006/3749

www.vupen.com/english/advisories/2007/2350

www.vupen.com/english/advisories/2008/0083

exchange.xforce.ibmcloud.com/vulnerabilities/27992

issues.rpath.com/browse/RPL-536

issues.rpath.com/browse/RPL-537

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9934

usn.ubuntu.com/327-1/

usn.ubuntu.com/329-1/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.686

Percentile

98.0%

JSON

Related for CVE-2006-3811