Vulnerability Details : CVE-2006-3805
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
Vulnerability category: Execute code
Products affected by CVE-2006-3805
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3805
70.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3805
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-3805
-
http://www.redhat.com/support/errata/RHSA-2006-0610.html
Support
-
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
Page Not Found | CISAUS Government Resource
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
Mandriva
-
http://www.ubuntu.com/usn/usn-354-1
500: Server error | Ubuntu
-
http://www.vupen.com/english/advisories/2006/2998
Site en construction
-
http://www.ubuntu.com/usn/usn-361-1
USN-361-1: Mozilla vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
Mandriva
-
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
JavaScript engine vulnerabilities — MozillaVendor Advisory
-
http://www.vupen.com/english/advisories/2006/3749
Site en construction
-
http://www.kb.cert.org/vuls/id/876420
VU#876420 - Mozilla fails to properly handle garbage collectionUS Government Resource
-
http://www.vupen.com/english/advisories/2008/0083
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.debian.org/security/2006/dsa-1161
Debian -- The Universal Operating System
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
Mandriva
-
http://www.debian.org/security/2006/dsa-1159
Debian -- The Universal Operating System
-
http://rhn.redhat.com/errata/RHSA-2006-0609.html
RHSA-2006:0609 - Security Advisory - Red Hat Customer Portal
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10690
404 Not Found
-
http://www.ubuntu.com/usn/usn-350-1
USN-350-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.redhat.com/support/errata/RHSA-2006-0611.html
Support
-
http://securitytracker.com/id?1016587
Access Denied
-
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
Mozilla Firefox: Multiple vulnerabilities (GLSA 200608-03) — Gentoo security
-
http://securitytracker.com/id?1016588
GoDaddy Domain Name Search
-
https://usn.ubuntu.com/329-1/
404: Page not found | Ubuntu
-
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
-
http://securitytracker.com/id?1016586
GoDaddy Domain Name Search
-
http://www.debian.org/security/2006/dsa-1160
Debian -- The Universal Operating System
-
https://issues.rpath.com/browse/RPL-536
-
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
404 Page Not Found | SUSE
-
http://www.redhat.com/support/errata/RHSA-2006-0608.html
Support
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
-
https://usn.ubuntu.com/327-1/
404: Page not found | Ubuntu
-
http://security.gentoo.org/glsa/glsa-200608-02.xml
Mozilla SeaMonkey: Multiple vulnerabilities (GLSA 200608-02) — Gentoo security
-
http://security.gentoo.org/glsa/glsa-200608-04.xml
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200608-04) — Gentoo security
-
http://www.vupen.com/english/advisories/2006/3748
Site en construction
-
http://www.redhat.com/support/errata/RHSA-2006-0594.html
Support
-
http://www.securityfocus.com/archive/1/441333/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27986
Mozilla Firefox, Thunderbird and SeaMonkey garbage collection code execution CVE-2006-3805 Vulnerability Report
-
http://www.securityfocus.com/archive/1/446657/100/200/threaded
-
https://issues.rpath.com/browse/RPL-537
-
http://www.securityfocus.com/bid/19181
Patch
-
http://www.securityfocus.com/archive/1/446658/100/200/threaded
Jump to