CVE-2006-5748
Published 2006-11-08
CVE-2006-5748: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow…
Priority P422 · medium · 5 · CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 5.52% (91.9th percentile)
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
| mozilla | thunderbird | — | — |
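CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 6.4 | MEDIUM | |
| vendor_debian | | 5.0 | HIGH | |
| vendor_redhat | | 5.0 | MEDIUM | |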
VulDB
Mozilla Thunderbird up to 1.5.0.7 Javascript Engine memory corruption (VU#390480 / Nessus ID 37577)
vuldb·2026-04-27·CVSS 5.0
CVE-2006-5748 [MEDIUM] Mozilla Thunderbird up to 1.5.0.7 Javascript Engine memory corruption (VU#390480 / Nessus ID 37577)
A vulnerability was found in Mozilla Thunderbird up to 1.5.0.7. It has been classified as critical. This impacts an unknown function of the component Javascript Engine. The manipulation leads to memory corruption.
This vulnerability is referenced as CVE-2006-5748. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is recommended.
GHSA
GHSA-vg9c-529p-65wv: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1
ghsa_unreviewed·2022-05-03
CVE-2006-5748 [MEDIUM] GHSA-vg9c-529p-65wv: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
OSV
CVE-2006-5748: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1
osv·2006-11-08·CVSS 5.0
CVE-2006-5748 [MEDIUM] CVE-2006-5748: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2006-11-21·CVSS 6.4
CVE-2006-5462 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript. (CVE-2006-5463,
CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Instructions: After a standard system upgrade you need to restart Firefox to
effect the necessary changes.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2006-11-21·CVSS 6.4
CVE-2006-5462 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Thunderbird vulnerabilities
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. (CVE-2006-5462)
Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening a
malicious email containing JavaScript. Please note that JavaScript is
disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Instructions: After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.
Red Hat
seamonkey < 1.0.6 multiple vulnerabilities
vendor_redhat·2006-11-08·CVSS 5.0
CVE-2006-5748 [MEDIUM] seamonkey < 1.0.6 multiple vulnerabilities
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Debian
CVE-2006-5748: firefox - Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox...
vendor_debian·2006·CVSS 5.0
CVE-2006-5748 [MEDIUM] CVE-2006-5748: firefox - Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox...
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Scope: local
sid: resolved (fixed in 45.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
seamonkey < 1.0.6 multiple vulnerabilities
bugzilla·2006-11-09·CVSS 7.5
CVE-2006-5463 [HIGH] seamonkey < 1.0.6 multiple vulnerabilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5748
Discussion:
fixed in Extras for FC6 and Rawhide
Bugzilla
CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
+++ This bug was initially created as a clone of Bug #214445 +++
The Mozilla project is releasing Thunderbird 1.5.0.8 to fix a number of security
flaws (Text taken from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remaine
Bugzilla
CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
The Mozilla project is releasing Firefox 1.5.0.8 to fix a number of security
flaws (Text taken from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a variant of
this attack.
mfsa2006-67
CVE-2006-5463
impac
Bugzilla
CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
bugzilla·2006-11-07·CVSS 6.4
CVE-2006-5462 [MEDIUM] CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
+++ This bug was initially created as a clone of Bug #214445 +++
Seamonkey 1.0.6 is being released to fix a number of security flaws (Text taken
from the upstream advisories):
mfsa2006-66
CVE-2006-5462
impact=important,reported=20061107,public=20061107,source=mozilla
MFSA 2006-60 reported that RSA digital signatures with a low exponent
(typically 3) could be forged, and that this flaw was corrected in the
Mozilla Network Security Services (NSS) library version 3.11.3 used by
Firefox 2.0 and current development versions of Mozilla clients.
Ulrich Kuehn reported that Firefox 1.5.0.7, which incorporated NSS version
3.10.2, was incompletely patched and remained vulnerable to a var
2006-11-08
Published