CVE-2006-3113 — Out-of-bounds Write in Firefox

18 documents7 sources

Severity

7.5HIGHNVD

EPSS

27.5%

top 3.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +2 more

Timeline

PublishedJul 27

Latest updateMay 3

Description

Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶Debianmozilla/thunderbird< 1.5.0.5-1+3

▶NVDmozilla/firefox5 versions+4

▶NVDmozilla/seamonkey1.0, 1.0.1, 1.0.2+2

▶NVDmozilla/thunderbird1.5, 1.5.0.2, 1.5.0.4+2

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.5-1 (sid)

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-6cp2-rh42-x39q: Mozilla Firefox 1↗2022-05-03

▶

OSV

CVE-2006-3113: Mozilla Firefox 1↗2006-07-27

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-09-22

▶

Ubuntu

Thunderbird vulnerabilities↗2006-07-29

▶

Ubuntu

firefox vulnerabilities↗2006-07-28

▶

Red Hat

security flaw↗2006-07-26

▶

Red Hat

vulnerabilities: CVE-2006-{3113,3677,3801-3812}↗2006-07-26

▶

💬Community

Bugzilla

CVE-2006-3113 security flaw↗2018-08-16

▶

Bugzilla

Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812}↗2006-07-27

▶

Bugzilla

major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3↗2006-07-27

▶

Bugzilla

CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-↗2006-07-26

▶

Bugzilla

▶