Vulnerability Details : CVE-2006-3810
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-3810
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3810
61.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3810
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2006-3810
-
http://www.redhat.com/support/errata/RHSA-2006-0610.html
Support
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
Mandriva
-
http://www.ubuntu.com/usn/usn-354-1
500: Server error | Ubuntu
-
http://www.vupen.com/english/advisories/2006/2998
Site en construction
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
Mandriva
-
http://www.vupen.com/english/advisories/2006/3749
Site en construction
-
http://www.vupen.com/english/advisories/2008/0083
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
Mandriva
-
http://www.debian.org/security/2006/dsa-1159
Debian -- The Universal Operating System
-
http://rhn.redhat.com/errata/RHSA-2006-0609.html
RHSA-2006:0609 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/usn-350-1
USN-350-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
XSS with XPCNativeWrapper(window).Function(...) — MozillaVendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2006-0611.html
Support
-
http://securitytracker.com/id?1016587
Access Denied
-
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
Mozilla Firefox: Multiple vulnerabilities (GLSA 200608-03) — Gentoo security
-
http://securitytracker.com/id?1016588
GoDaddy Domain Name Search
-
https://usn.ubuntu.com/329-1/
404: Page not found | Ubuntu
-
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27991
Mozilla Firefox, Thunderbird, and SeaMonkey XPCNativeWrapper cross-site scripting CVE-2006-3810 Vulnerability Report
-
http://securitytracker.com/id?1016586
GoDaddy Domain Name Search
-
http://www.debian.org/security/2006/dsa-1160
Debian -- The Universal Operating System
-
https://issues.rpath.com/browse/RPL-536
-
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
404 Page Not Found | SUSE
-
http://www.redhat.com/support/errata/RHSA-2006-0608.html
Support
-
https://usn.ubuntu.com/327-1/
404: Page not found | Ubuntu
-
http://security.gentoo.org/glsa/glsa-200608-02.xml
Mozilla SeaMonkey: Multiple vulnerabilities (GLSA 200608-02) — Gentoo security
-
http://security.gentoo.org/glsa/glsa-200608-04.xml
Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200608-04) — Gentoo security
-
http://www.vupen.com/english/advisories/2006/3748
Site en construction
-
http://www.redhat.com/support/errata/RHSA-2006-0594.html
Support
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113
404 Not Found
-
http://www.securityfocus.com/archive/1/441333/100/0/threaded
-
http://www.securityfocus.com/archive/1/446657/100/200/threaded
-
https://issues.rpath.com/browse/RPL-537
-
http://www.kb.cert.org/vuls/id/911004
VU#911004 - Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"US Government Resource
-
http://www.securityfocus.com/bid/19181
Patch
-
http://www.securityfocus.com/archive/1/446658/100/200/threaded
Jump to