Vulnerability Details : CVE-2006-3806
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Vulnerability category: Execute code
Products affected by CVE-2006-3806
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3806
97.40%: Probability of exploitation activity in the next 30 days
~ 100%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3806
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2006-3806
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27987
  Mozilla Firefox, Thunderbird and SeaMonkey JavaScript engine multiple integer overflows CVE-2006-3806 Vulnerability Report
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
  [Vendor Advisory]
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html
  [US Government Resource]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
  Mandriva
- http://www.ubuntu.com/usn/usn-354-1
- http://www.vupen.com/english/advisories/2006/2998
- http://www.ubuntu.com/usn/usn-361-1
  USN-361-1: Mozilla vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
  Mandriva
- http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
  JavaScript engine vulnerabilities — Mozilla [Vendor Advisory]
- http://www.vupen.com/english/advisories/2006/3749
- http://www.kb.cert.org/vuls/id/655892
  VU#655892 - Mozilla JavaScript engine contains multiple integer overflows [Third Party Advisory; US Government Resource]
- http://www.vupen.com/english/advisories/2008/0083
- http://www.debian.org/security/2006/dsa-1161
  Debian -- The Universal Operating System
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
  Mandriva
- http://www.debian.org/security/2006/dsa-1159
  Debian -- The Universal Operating System
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
  RHSA-2006:0609 - Security Advisory - Red Hat Customer Portal [Vendor Advisory]
- http://www.ubuntu.com/usn/usn-350-1
  USN-350-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
  [Vendor Advisory]
- http://securitytracker.com/id?1016587
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
  Mozilla Firefox: Multiple vulnerabilities (GLSA 200608-03) — Gentoo security
- http://securitytracker.com/id?1016588
- https://usn.ubuntu.com/329-1/
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://securitytracker.com/id?1016586
- http://www.debian.org/security/2006/dsa-1160
  Debian -- The Universal Operating System
- https://issues.rpath.com/browse/RPL-536
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
  [Vendor Advisory]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
- https://usn.ubuntu.com/327-1/
- http://security.gentoo.org/glsa/glsa-200608-02.xml
  Mozilla SeaMonkey: Multiple vulnerabilities (GLSA 200608-02) — Gentoo security
- http://security.gentoo.org/glsa/glsa-200608-04.xml
  Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200608-04) — Gentoo security
- http://www.vupen.com/english/advisories/2006/3748
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- https://issues.rpath.com/browse/RPL-537
- http://www.securityfocus.com/bid/19181
  [Patch]
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.vupen.com/english/advisories/2007/0058