Vulnerability Details : CVE-2006-3811
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2006-3811
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3811
EPSS score: 68.56% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~ 98 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-3811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-3811
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html
  [US Government Resource]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://www.ubuntu.com/usn/usn-354-1
- http://www.vupen.com/english/advisories/2006/2998
- http://www.ubuntu.com/usn/usn-361-1
  USN-361-1: Mozilla vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9934
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2008/0083
- http://www.debian.org/security/2006/dsa-1161
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
  RHSA-2006:0609 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/usn-350-1
  USN-350-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27992
  Mozilla Firefox, Thunderbird, and SeaMonkey multiple memory corruption CVE-2006-3811 Vulnerability Report
- http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
  Crashes with evidence of memory corruption (rv:1.8.0.5) — Mozilla [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
- http://securitytracker.com/id?1016587
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
  Mozilla Firefox: Multiple vulnerabilities (GLSA 200608-03) — Gentoo security
- http://securitytracker.com/id?1016588
- https://usn.ubuntu.com/329-1/
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
  [Vendor Advisory]
- http://securitytracker.com/id?1016586
- https://issues.rpath.com/browse/RPL-536
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
- https://usn.ubuntu.com/327-1/
- http://www.kb.cert.org/vuls/id/527676
  VU#527676 - Mozilla contains multiple memory corruption vulnerabilities [US Government Resource]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1
- http://security.gentoo.org/glsa/glsa-200608-02.xml
  Mozilla SeaMonkey: Multiple vulnerabilities (GLSA 200608-02) — Gentoo security
- http://security.gentoo.org/glsa/glsa-200608-04.xml
  Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200608-04) — Gentoo security
- http://www.vupen.com/english/advisories/2006/3748
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- https://issues.rpath.com/browse/RPL-537
- http://www.vupen.com/english/advisories/2007/2350
- http://www.securityfocus.com/bid/19181
  [Patch]
- http://www.securityfocus.com/archive/1/446658/100/200/threaded