CVE-2006-3806

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

References

ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

http://rhn.redhat.com/errata/RHSA-2006-0609.html

http://secunia.com/advisories/19873

http://secunia.com/advisories/21216

http://secunia.com/advisories/21228

http://secunia.com/advisories/21229

http://secunia.com/advisories/21243

http://secunia.com/advisories/21246

http://secunia.com/advisories/21250

http://secunia.com/advisories/21262

http://secunia.com/advisories/21269

http://secunia.com/advisories/21270

http://secunia.com/advisories/21275

http://secunia.com/advisories/21336

http://secunia.com/advisories/21343

http://secunia.com/advisories/21358

http://secunia.com/advisories/21361

http://secunia.com/advisories/21529

http://secunia.com/advisories/21532

http://secunia.com/advisories/21607

http://secunia.com/advisories/21631

http://secunia.com/advisories/21634

http://secunia.com/advisories/21654

http://secunia.com/advisories/21675

http://secunia.com/advisories/22055

http://secunia.com/advisories/22065

http://secunia.com/advisories/22066

http://secunia.com/advisories/22210

http://secunia.com/advisories/22342

http://security.gentoo.org/glsa/glsa-200608-02.xml

http://security.gentoo.org/glsa/glsa-200608-04.xml

http://securitytracker.com/id?1016586

http://securitytracker.com/id?1016587

http://securitytracker.com/id?1016588

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1

http://www.debian.org/security/2006/dsa-1159

http://www.debian.org/security/2006/dsa-1160

http://www.debian.org/security/2006/dsa-1161

http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml

http://www.kb.cert.org/vuls/id/655892

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-50.html

http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html

http://www.redhat.com/support/errata/RHSA-2006-0594.html

http://www.redhat.com/support/errata/RHSA-2006-0608.html

http://www.redhat.com/support/errata/RHSA-2006-0610.html

http://www.redhat.com/support/errata/RHSA-2006-0611.html

http://www.securityfocus.com/archive/1/441333/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/archive/1/446658/100/200/threaded

http://www.securityfocus.com/bid/19181

http://www.ubuntu.com/usn/usn-350-1

http://www.ubuntu.com/usn/usn-354-1

http://www.ubuntu.com/usn/usn-361-1

http://www.us-cert.gov/cas/techalerts/TA06-208A.html

http://www.vupen.com/english/advisories/2006/2998

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2007/0058

http://www.vupen.com/english/advisories/2008/0083

https://exchange.xforce.ibmcloud.com/vulnerabilities/27987

https://issues.rpath.com/browse/RPL-536

https://issues.rpath.com/browse/RPL-537

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232

https://usn.ubuntu.com/327-1/

https://usn.ubuntu.com/329-1/

Details

Source: MITRE

Published: 2006-07-27

Updated: 2018-10-17

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
67424Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611)NessusOracle Linux Local Security Checks
critical
67422Oracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610)NessusOracle Linux Local Security Checks
critical
29354SuSE 10 Security Update : Firefox (ZYPP Patch Number 1960)NessusSuSE Local Security Checks
high
27941Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1)NessusUbuntu Local Security Checks
critical
27930Ubuntu 5.10 : mozilla-thunderbird vulnerabilities (USN-350-1)NessusUbuntu Local Security Checks
critical
27908Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-329-1)NessusUbuntu Local Security Checks
critical
27905Ubuntu 6.06 LTS : firefox vulnerabilities (USN-327-1)NessusUbuntu Local Security Checks
critical
27435openSUSE 10 Security Update : seamonkey (seamonkey-1952)NessusSuSE Local Security Checks
high
27125openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-1924)NessusSuSE Local Security Checks
high
27113openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1981)NessusSuSE Local Security Checks
high
23894Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146)NessusMandriva Local Security Checks
critical
23892Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)NessusMandriva Local Security Checks
critical
22703Debian DSA-1161-2 : mozilla-firefox - several vulnerabilitiesNessusDebian Local Security Checks
high
22702Debian DSA-1160-2 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
high
22701Debian DSA-1159-2 : mozilla-thunderbird - several vulnerabilitiesNessusDebian Local Security Checks
high
22291RHEL 2.1 : seamonkey (RHSA-2006:0594)NessusRed Hat Local Security Checks
high
22163CentOS 4 : seamonkey (CESA-2006:0609)NessusCentOS Local Security Checks
high
22162CentOS 3 : seamonkey (CESA-2006:0608)NessusCentOS Local Security Checks
high
22150RHEL 4 : seamonkey (RHSA-2006:0609)NessusRed Hat Local Security Checks
high
22146GLSA-200608-04 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
22145GLSA-200608-03 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
22144GLSA-200608-02 : Mozilla SeaMonkey: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
22138CentOS 4 : thunderbird (CESA-2006:0611)NessusCentOS Local Security Checks
high
22137CentOS 4 : Firefox (CESA-2006:0610)NessusCentOS Local Security Checks
high
22122RHEL 4 : thunderbird (RHSA-2006:0611)NessusRed Hat Local Security Checks
high
22121RHEL 4 : firefox (RHSA-2006:0610)NessusRed Hat Local Security Checks
high
3695Mozilla Firefox 1.5.x < 1.5.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3694Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
22114RHEL 3 : seamonkey (RHSA-2006:0608)NessusRed Hat Local Security Checks
high
22105FreeBSD : mozilla -- multiple vulnerabilities (e2a92664-1d60-11db-88cf-000c6ec775d9)NessusFreeBSD Local Security Checks
high
22097SeaMonkey < 1.0.3 Multiple VulnerabilitiesNessusWindows
high
22096Mozilla Thunderbird < 1.5.0.5 Multiple VulnerabilitiesNessusWindows
high
22095Firefox < 1.5.0.5 Multiple VulnerabilitiesNessusWindows
high
801227Mozilla Thunderbird < 1.5.0.5 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high