CVE-2006-3803Race Condition in Firefox

17 documents7 sources
Severity
5.1MEDIUMNVD
EPSS
24.7%
top 3.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla ThunderbirdDebian FirefoxDebian Thunderbird+2 more
Timeline
PublishedJul 27
Latest updateMay 3

Description

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages6 packages

Debianmozilla/thunderbird< 1.5.0.5-1+3
NVDmozilla/firefox5 versions+4
NVDmozilla/seamonkey1.0, 1.0.1, 1.0.2+2
NVDmozilla/thunderbird1.5, 1.5.0.2, 1.5.0.4+2
debiandebian/firefox< firefox 1.5.dfsg+1.5.0.5-1 (sid)

Patches

Patch: secunia.comPatch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-w9wh-5q96-r696: Race condition in the JavaScript garbage collection in Mozilla Firefox 12022-05-03
OSV
CVE-2006-3803: Race condition in the JavaScript garbage collection in Mozilla Firefox 12006-07-27

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2006-09-22
Ubuntu
Thunderbird vulnerabilities2006-07-29
Ubuntu
firefox vulnerabilities2006-07-28
Red Hat
security flaw2006-07-26
Debian
CVE-2006-3803: firefox - Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 befor...2006

💬Community

9
Bugzilla
CVE-2006-3803 security flaw2018-08-16
Bugzilla
Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812}2006-07-27
Bugzilla
major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-32006-07-27
Bugzilla
CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-2006-07-26
Bugzilla
CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-2006-07-25