CVE-2006-3811 : Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

Published 2006-07-27 20:04:00

Updated 2025-04-03 01:03:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2006-3811

Mozilla » Firefox » Version: 1.5.0.1
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.2
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.3
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.4
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.4
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.2
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 DEV Edition
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-3811

EPSS FAQ

18.95%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-3811

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-3811

http://secunia.com/advisories/21336

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/21243

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2006-0610.html

Support

CVEs referencing this url
http://secunia.com/advisories/21228

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA06-208A.html

Page Not Found | CISA
US Government Resource

CVEs referencing this url
http://secunia.com/advisories/21269

About Secunia Research | Flexera

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

Mandriva

CVEs referencing this url
http://www.ubuntu.com/usn/usn-354-1

500: Server error | Ubuntu

CVEs referencing this url
http://secunia.com/advisories/22210

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/2998

Site en construction

CVEs referencing this url
http://www.ubuntu.com/usn/usn-361-1

USN-361-1: Mozilla vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://secunia.com/advisories/21216

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

Mandriva

CVEs referencing this url
http://secunia.com/advisories/21275

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9934

404 Not Found
http://secunia.com/advisories/21358

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/21361

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3749

Site en construction

CVEs referencing this url
http://secunia.com/advisories/25839

About Secunia Research | Flexera
http://secunia.com/advisories/21246

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/21229

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0083

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://secunia.com/advisories/21250

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1161

Debian -- The Universal Operating System

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

Mandriva

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0609.html

RHSA-2006:0609 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://secunia.com/advisories/22066

About Secunia Research | Flexera

CVEs referencing this url
http://www.ubuntu.com/usn/usn-350-1

USN-350-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/27992

Mozilla Firefox, Thunderbird, and SeaMonkey multiple memory corruption CVE-2006-3811 Vulnerability Report
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html

Crashes with evidence of memory corruption (rv:1.8.0.5) — Mozilla
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0611.html

Support

CVEs referencing this url
http://secunia.com/advisories/21262

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/21343

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1016587

Access Denied

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml

Mozilla Firefox: Multiple vulnerabilities (GLSA 200608-03) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/21675

About Secunia Research | Flexera

CVEs referencing this url
http://securitytracker.com/id?1016588

GoDaddy Domain Name Search

CVEs referencing this url
http://secunia.com/advisories/21529

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
https://usn.ubuntu.com/329-1/

404: Page not found | Ubuntu

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/21532

About Secunia Research | Flexera

CVEs referencing this url
http://securitytracker.com/id?1016586

GoDaddy Domain Name Search

CVEs referencing this url
http://secunia.com/advisories/22065

About Secunia Research | Flexera

CVEs referencing this url
https://issues.rpath.com/browse/RPL-536

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html

404 Page Not Found | SUSE

CVEs referencing this url
http://secunia.com/advisories/21270

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2006-0608.html

Support

CVEs referencing this url
https://usn.ubuntu.com/327-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://www.kb.cert.org/vuls/id/527676

VU#527676 - Mozilla contains multiple memory corruption vulnerabilities
US Government Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1
http://security.gentoo.org/glsa/glsa-200608-02.xml

Mozilla SeaMonkey: Multiple vulnerabilities (GLSA 200608-02) — Gentoo security

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200608-04.xml

Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200608-04) — Gentoo security

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3748

Site en construction

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2006-0594.html

Support

CVEs referencing this url
http://secunia.com/advisories/21607

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/archive/1/441333/100/0/threaded

CVEs referencing this url
http://secunia.com/advisories/21631

About Secunia Research | Flexera

CVEs referencing this url
http://www.securityfocus.com/archive/1/446657/100/200/threaded

CVEs referencing this url
http://secunia.com/advisories/22055

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/19873

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
https://issues.rpath.com/browse/RPL-537

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/2350

Site en construction
http://www.securityfocus.com/bid/19181

Patch

CVEs referencing this url
http://www.securityfocus.com/archive/1/446658/100/200/threaded

CVEs referencing this url
http://secunia.com/advisories/22342

About Secunia Research | Flexera

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-3811

Products affected by CVE-2006-3811

Exploit prediction scoring system (EPSS) score for CVE-2006-3811

CVSS scores for CVE-2006-3811

References for CVE-2006-3811