CVE-2006-5463
Published 2006-11-08
Priority P432 · high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 2.61% (83.5th percentile)
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
CVSS provenance
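| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 6.4 | MEDIUM | |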
VulDB
Mozilla Thunderbird up to 1.5.0.7 Remote Code Execution (VU#714496 / Nessus ID 23635)
vuldb·2026-04-27·CVSS 7.5
CVE-2006-5463 [HIGH] Mozilla Thunderbird up to 1.5.0.7 Remote Code Execution (VU#714496 / Nessus ID 23635)
A vulnerability was found in Mozilla Thunderbird up to 1.5.0.7. It has been declared as critical. Affected is an unknown function. The manipulation results in Remote Code Execution.
This vulnerability is identified as CVE-2006-5463. The attack can be executed remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
GHSA
GHSA-9964-6ghh-p55w: Unspecified vulnerability in Mozilla Firefox before 1
ghsa_unreviewed·2022-05-03
CVE-2006-5463 [HIGH] GHSA-9964-6ghh-p55w: Unspecified vulnerability in Mozilla Firefox before 1
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
OSV
CVE-2006-5463: Unspecified vulnerability in Mozilla Firefox before 1
osv·2006-11-08·CVSS 7.5
CVE-2006-5463 [HIGH] CVE-2006-5463: Unspecified vulnerability in Mozilla Firefox before 1
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2006-11-21·CVSS 6.4
CVE-2006-5462 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript. (CVE-2006-5463,
CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Instructions: After a standard system upgrade you need to restart Firefox to
effect the necessary changes.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-11-21·CVSS 6.4
CVE-2006-5462 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
malicious email containing JavaScript. Please note that JavaScript is
disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Instructions: After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-11-08·CVSS 7.5
CVE-2006-5463 [HIGH] security flaw
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
Debian
CVE-2006-5463: firefox - Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before ...
vendor_debian·2006·CVSS 7.5
CVE-2006-5463 [HIGH] CVE-2006-5463: firefox - Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before ...
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
Scope: local
sid: resolved (fixed in 45.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-5463 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2006-5463 [HIGH] CVE-2006-5463 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
Bugzilla
seamonkey < 1.0.6 multiple vulnerabilities
bugzilla·2006-11-09·CVSS 7.5
CVE-2006-5463 [HIGH] seamonkey < 1.0.6 multiple vulnerabilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5748
Discussion:
fixed in Extras for FC6 and Rawhide
Bugzilla
CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
+++ This bug was initially created as a clone of Bug #214445 +++
The Mozilla project is releasing Thunderbird 1.5.0.8 to fix a number of security
flaws (Text taken from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remaine
Bugzilla
CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
The Mozilla project is releasing Firefox 1.5.0.8 to fix a number of security
flaws (Text taken from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a variant of
this attack.
mfsa2006-67
CVE-2006-5463
impac
Bugzilla
CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
+++ This bug was initially created as a clone of Bug #214445 +++
Seamonkey 1.0.6 is being released to fix a number of security flaws (Text taken
from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a var