CVE-2006-3804 — Integer Underflow (Wrap or Wraparound) in Thunderbird

16 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

17.7%

top 4.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Seamonkey

Timeline

PublishedJul 27

Latest updateMay 3

Description

Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Debianmozilla/thunderbird< 1.5.0.5-1+3

▶NVDmozilla/seamonkey1.0, 1.0.1, 1.0.2+2

▶NVDmozilla/thunderbird1.5, 1.5.0.2, 1.5.0.4+2

▶debiandebian/thunderbird< thunderbird 1.5.0.5-1 (bookworm)

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gf24-q725-m5hh: Heap-based buffer overflow in Mozilla Thunderbird before 1↗2022-05-03

▶

OSV

CVE-2006-3804: Heap-based buffer overflow in Mozilla Thunderbird before 1↗2006-07-27

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2006-09-22

▶

Ubuntu

Thunderbird vulnerabilities↗2006-07-29

▶

Red Hat

security flaw↗2006-07-26

▶

Debian

CVE-2006-3804: thunderbird - Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey b...↗2006

▶

💬Community

Bugzilla

CVE-2006-3804 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3801, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812: major (public) security flaws fixed in firefox 1.5.0.5↗2006-07-28

▶

Bugzilla

Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812}↗2006-07-27

▶

Bugzilla

major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3↗2006-07-27

▶

Bugzilla

CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-↗2006-07-26

▶