cbcvebase.
CVE-2006-3811
published 2006-07-27

CVE-2006-3811: Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of…

PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
7.47%
93.7th percentile
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

Affected

17 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 1.5.dfsg+1.5.0.5-1 (sid)firefox 1.5.dfsg+1.5.0.5-1 (sid)
debianthunderbird< firefox 1.5.dfsg+1.5.0.5-1 (sid)firefox 1.5.dfsg+1.5.0.5-1 (sid)
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillaseamonkey
mozillaseamonkey
mozillaseamonkey
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird>= 0 < 1.5.0.5-11.5.0.5-1
mozillathunderbird>= 0 < 1.5.0.5-11.5.0.5-1
mozillathunderbird>= 0 < 1.5.0.5-11.5.0.5-1
mozillathunderbird>= 0 < 1.5.0.5-11.5.0.5-1

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.