Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3677: Firefox vulnerability

CWE-16 | 22 documents | 9 sources
Severity: 7.5 HIGH (NVD); NVD 7.1
EPSS: 67.3% (top 1.43%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 27; latest update May 3

Description

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (4 packages)

NVD: mozilla/firefox, 5 versions (+4)
NVD: mozilla/seamonkey, 1.0, 1.0.1, 1.0.2 (+2)
debian: debian/firefox, < firefox 1.5.dfsg+1.5.0.5-1 (sid)
debian: debian/thunderbird, < firefox 1.5.dfsg+1.5.0.5-1 (sid)

Patches

Vulnerability Details (3)

GHSA: GHSA-wj5j-gg8h-gp5m: Mozilla Firefox 1 (2022-05-03)
GHSA: GHSA-6vr8-qvq2-r64x: Mobile Safari on Apple iPhone 1 (2022-05-01)
VulnCheck: Mozilla Firefox and SeaMonkey 'window.navigator' Vulnerability (2006)

Exploits & PoCs (4)

Exploit-DB: Mozilla Suite/Firefox - Navigator Object Code Execution (Metasploit) (2010-09-20)
Exploit-DB: Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution (2006-07-28)
Exploit-DB: Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution (Metasploit) (2006-07-25)
Metasploit: Mozilla Suite/Firefox Navigator Object Code Execution

Vendor Advisories (4)

Ubuntu: firefox vulnerabilities (2006-07-28)
Red Hat: security flaw (2006-07-26)
Red Hat: vulnerabilities: CVE-2006-{3113,3677,3801-3812} (2006-07-26)
Debian: CVE-2006-3677: firefox - Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote atta... (2006)

Community (9)

Bugzilla: CVE-2006-3677 security flaw (2018-08-16)
Bugzilla: Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812} (2006-07-27)
Bugzilla: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3 (2006-07-27)
Bugzilla: CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006- (2006-07-26)
Bugzilla: CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006- (2006-07-25)