CVE-2006-3805 — Firefox vulnerability

21 documents7 sources

Severity

10.0CRITICALNVD

NVD7.5OSV7.5

EPSS

23.0%

top 4.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +3 more

Timeline

PublishedJul 27

Latest updateMay 3

Description

The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶Debianmozilla/thunderbird< 1.5.0.5-1+3

▶NVDmozilla/firefox5 versions+4

▶NVDmozilla/seamonkey1.0, 1.0.1, 1.0.2+2

▶NVDmozilla/thunderbird1.5, 1.5.0.2, 1.5.0.4+2

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.5-1 (sid)

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-x653-3j24-7h2r: The Javascript engine in Mozilla Firefox before 1↗2022-05-03

▶

GHSA

GHSA-whc6-8wvp-96v2: The Javascript engine in Mozilla 1↗2022-05-01

▶

OSV

CVE-2006-3805: The Javascript engine in Mozilla Firefox before 1↗2006-07-27

▶

📋Vendor Advisories

Ubuntu

Mozilla vulnerabilities↗2006-10-10

▶

Ubuntu

Thunderbird vulnerabilities↗2006-09-22

▶

Ubuntu

Thunderbird vulnerabilities↗2006-07-29

▶

Ubuntu

firefox vulnerabilities↗2006-07-28

▶

Red Hat

security flaw↗2006-07-26

▶

💬Community

Bugzilla

CVE-2006-3805 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3801, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812: major (public) security flaws fixed in firefox 1.5.0.5↗2006-07-28

▶

Bugzilla

Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812}↗2006-07-27

▶

Bugzilla

major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3↗2006-07-27

▶

Bugzilla

CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-↗2006-07-26

▶