CVE-2006-3806
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.9%
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified “string function arguments.”
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.1 | cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.2 | cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.3 | cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* |
| mozilla | firefox | 1.5.0.4 | cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* |
| mozilla | seamonkey | 1.0 | cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* |
| mozilla | seamonkey | 1.0 | cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* |
| mozilla | seamonkey | 1.0.1 | cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* |
| mozilla | seamonkey | 1.0.2 | cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* |
| mozilla | thunderbird | 1.5 | cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:* |
References
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
rhn.redhat.com/errata/RHSA-2006-0609.html
secunia.com/advisories/19873
secunia.com/advisories/21216
secunia.com/advisories/21228
secunia.com/advisories/21229
secunia.com/advisories/21243
secunia.com/advisories/21246
secunia.com/advisories/21250
secunia.com/advisories/21262
secunia.com/advisories/21269
secunia.com/advisories/21270
secunia.com/advisories/21275
secunia.com/advisories/21336
secunia.com/advisories/21343
secunia.com/advisories/21358
secunia.com/advisories/21361
secunia.com/advisories/21529
secunia.com/advisories/21532
secunia.com/advisories/21607
secunia.com/advisories/21631
secunia.com/advisories/21634
secunia.com/advisories/21654
secunia.com/advisories/21675
secunia.com/advisories/22055
secunia.com/advisories/22065
secunia.com/advisories/22066
secunia.com/advisories/22210
secunia.com/advisories/22342
security.gentoo.org/glsa/glsa-200608-02.xml
security.gentoo.org/glsa/glsa-200608-04.xml
securitytracker.com/id?1016586
securitytracker.com/id?1016587
securitytracker.com/id?1016588
sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
www.debian.org/security/2006/dsa-1159
www.debian.org/security/2006/dsa-1160
www.debian.org/security/2006/dsa-1161
www.gentoo.org/security/en/glsa/glsa-200608-03.xml
www.kb.cert.org/vuls/id/655892
www.mandriva.com/security/advisories?name=MDKSA-2006:143
www.mandriva.com/security/advisories?name=MDKSA-2006:145
www.mandriva.com/security/advisories?name=MDKSA-2006:146
www.mozilla.org/security/announce/2006/mfsa2006-50.html
www.novell.com/linux/security/advisories/2006_48_seamonkey.html
www.redhat.com/support/errata/RHSA-2006-0594.html
www.redhat.com/support/errata/RHSA-2006-0608.html
www.redhat.com/support/errata/RHSA-2006-0610.html
www.redhat.com/support/errata/RHSA-2006-0611.html
www.securityfocus.com/archive/1/441333/100/0/threaded
www.securityfocus.com/archive/1/446657/100/200/threaded
www.securityfocus.com/archive/1/446658/100/200/threaded
www.securityfocus.com/bid/19181
www.ubuntu.com/usn/usn-350-1
www.ubuntu.com/usn/usn-354-1
www.ubuntu.com/usn/usn-361-1
www.us-cert.gov/cas/techalerts/TA06-208A.html
www.vupen.com/english/advisories/2006/2998
www.vupen.com/english/advisories/2006/3748
www.vupen.com/english/advisories/2006/3749
www.vupen.com/english/advisories/2007/0058
www.vupen.com/english/advisories/2008/0083
exchange.xforce.ibmcloud.com/vulnerabilities/27987
issues.rpath.com/browse/RPL-536
issues.rpath.com/browse/RPL-537
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
usn.ubuntu.com/327-1/
usn.ubuntu.com/329-1/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.9%