CVE-2006-3806 — Firefox vulnerability

CWE-18920 documents7 sources

Severity

7.5HIGHNVD

EPSS

27.0%

top 3.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +2 more

Timeline

PublishedJul 27

Latest updateMay 3

Description

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶Debianmozilla/thunderbird< 1.5.0.5-1+3

▶NVDmozilla/firefox5 versions+4

▶NVDmozilla/seamonkey1.0, 1.0.1, 1.0.2+2

▶NVDmozilla/thunderbird1.5, 1.5.0.2, 1.5.0.4+2

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.5-1 (sid)

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cwr4-w68c-gmq5: Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1↗2022-05-03

▶

OSV

CVE-2006-3806: Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1↗2006-07-27

▶

📋Vendor Advisories

Ubuntu

Mozilla vulnerabilities↗2006-10-10

▶

Ubuntu

Thunderbird vulnerabilities↗2006-09-22

▶

Ubuntu

Thunderbird vulnerabilities↗2006-07-29

▶

Ubuntu

firefox vulnerabilities↗2006-07-28

▶

Red Hat

security flaw↗2006-07-26

▶

💬Community

Bugzilla

CVE-2006-3806 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3801, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812: major (public) security flaws fixed in firefox 1.5.0.5↗2006-07-28

▶

Bugzilla

Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812}↗2006-07-27

▶

Bugzilla

major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3↗2006-07-27

▶

Bugzilla

CVE-2006-3801 Multiple Seamonkey issues (CVE-2006-3677, CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-↗2006-07-26

▶