Vulnerability Details : CVE-2006-3677
Public exploit exists!
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allow remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-3677
97.38%: Probability of exploitation activity in the next 30 days
~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-3677
- Mozilla Suite/Firefox Navigator Object Code Execution
  Disclosure Date: 2006-07-25
  First seen: 2020-04-26
  exploit/multi/browser/mozilla_navigatorjava
  This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.
  Authors: hdm <x@hdm.io>
CVSS scores for CVE-2006-3677
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2006-3677
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27981
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
  Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html
  US Government Resource
- http://www.ubuntu.com/usn/usn-354-1
- http://www.vupen.com/english/advisories/2006/2998
  Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
  Mandriva
- http://www.vupen.com/english/advisories/2008/0083
  Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
  Mandriva
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
  RHSA-2006:0609 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
  Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10745
- http://securitytracker.com/id?1016587
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
  Mozilla Firefox: Multiple vulnerabilities (GLSA 200608-03) — Gentoo security
- http://www.securityfocus.com/archive/1/441332/100/0/threaded
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://www.securityfocus.com/bid/19192
  Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability (Patch)
- http://securitytracker.com/id?1016586
- https://issues.rpath.com/browse/RPL-536
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
  Vendor Advisory
- https://usn.ubuntu.com/327-1/
- http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39998
- http://security.gentoo.org/glsa/glsa-200608-02.xml
  Mozilla SeaMonkey: Multiple vulnerabilities (GLSA 200608-02) — Gentoo security
- http://www.vupen.com/english/advisories/2006/3748
  Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
  Vendor Advisory
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-06-025.html
  Vendor Advisory
- http://www.kb.cert.org/vuls/id/670060
  Third Party Advisory; US Government Resource
- http://www.securityfocus.com/bid/19181
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
Products affected by CVE-2006-3677
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*