CVE-2006-3806

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html	Vendor Advisory
http://www.kb.cert.org/vuls/id/655892	Third Party Advisory US Government Resource
https://issues.rpath.com/browse/RPL-536
http://www.securityfocus.com/bid/19181	Patch
http://securitytracker.com/id?1016586
http://securitytracker.com/id?1016587
http://securitytracker.com/id?1016588
http://secunia.com/advisories/19873	Patch Vendor Advisory
http://secunia.com/advisories/21216	Patch Vendor Advisory
http://secunia.com/advisories/21228	Patch Vendor Advisory
http://secunia.com/advisories/21229	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0608.html	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA06-208A.html	US Government Resource
http://secunia.com/advisories/21246	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0610.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0611.html	Vendor Advisory
http://secunia.com/advisories/21243	Vendor Advisory
http://secunia.com/advisories/21269	Vendor Advisory
http://secunia.com/advisories/21270	Vendor Advisory
http://secunia.com/advisories/21275	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-02.xml
http://security.gentoo.org/glsa/glsa-200608-04.xml
http://rhn.redhat.com/errata/RHSA-2006-0609.html	Vendor Advisory
http://secunia.com/advisories/21336	Vendor Advisory
http://secunia.com/advisories/21358	Vendor Advisory
http://secunia.com/advisories/21361	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
https://issues.rpath.com/browse/RPL-537
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://secunia.com/advisories/21250	Vendor Advisory
http://secunia.com/advisories/21262	Vendor Advisory
http://secunia.com/advisories/21343	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
http://secunia.com/advisories/21529	Vendor Advisory
http://secunia.com/advisories/21532	Vendor Advisory
http://secunia.com/advisories/21607	Vendor Advisory
http://www.debian.org/security/2006/dsa-1159
http://www.redhat.com/support/errata/RHSA-2006-0594.html
http://secunia.com/advisories/21631	Vendor Advisory
http://secunia.com/advisories/21654	Vendor Advisory
http://www.debian.org/security/2006/dsa-1160
http://www.debian.org/security/2006/dsa-1161
http://secunia.com/advisories/21634	Vendor Advisory
http://secunia.com/advisories/21675	Vendor Advisory
http://www.ubuntu.com/usn/usn-350-1
http://www.ubuntu.com/usn/usn-354-1
http://secunia.com/advisories/22055
http://secunia.com/advisories/22210
http://www.ubuntu.com/usn/usn-361-1
http://secunia.com/advisories/22342
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2007/0058
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2006/2998
https://exchange.xforce.ibmcloud.com/vulnerabilities/27987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
https://usn.ubuntu.com/329-1/
https://usn.ubuntu.com/327-1/
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/441333/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*

Information

Published : 2006-07-27 12:04

Updated : 2018-10-17 14:30

NVD link : CVE-2006-3806

Mitre link : CVE-2006-3806

JSON object : View

CWE

CWE-189

Numeric Errors

Products Affected

mozilla

firefox
seamonkey
thunderbird

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html", "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-50.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/655892", "name": "VU#655892", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "https://issues.rpath.com/browse/RPL-536", "name": "https://issues.rpath.com/browse/RPL-536", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/19181", "name": "19181", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016586", "name": "1016586", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1016587", "name": "1016587", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1016588", "name": "1016588", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/19873", "name": "19873", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21216", "name": "21216", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21228", "name": "21228", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21229", "name": "21229", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html", "name": "RHSA-2006:0608", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html", "name": "TA06-208A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://secunia.com/advisories/21246", "name": "21246", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html", "name": "RHSA-2006:0610", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html", "name": "RHSA-2006:0611", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/21243", "name": "21243", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21269", "name": "21269", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21270", "name": "21270", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21275", "name": "21275", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml", "name": "GLSA-200608-02", "tags": [], "refsource": "GENTOO"}, {"url": "http://security.gentoo.org/glsa/glsa-200608-04.xml", "name": "GLSA-200608-04", "tags": [], "refsource": "GENTOO"}, {"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html", "name": "RHSA-2006:0609", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/21336", "name": "21336", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21358", "name": "21358", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21361", "name": "21361", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml", "name": "GLSA-200608-03", "tags": [], "refsource": "GENTOO"}, {"url": "https://issues.rpath.com/browse/RPL-537", "name": "https://issues.rpath.com/browse/RPL-537", "tags": [], "refsource": "CONFIRM"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", "name": "20060703-01-P", "tags": [], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/21250", "name": "21250", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21262", "name": "21262", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21343", "name": "21343", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html", "name": "SUSE-SA:2006:048", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/21529", "name": "21529", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21532", "name": "21532", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21607", "name": "21607", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1159", "name": "DSA-1159", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html", "name": "RHSA-2006:0594", "tags": [], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/21631", "name": "21631", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21654", "name": "21654", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1160", "name": "DSA-1160", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2006/dsa-1161", "name": "DSA-1161", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/21634", "name": "21634", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21675", "name": "21675", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-350-1", "name": "USN-350-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/usn-354-1", "name": "USN-354-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/22055", "name": "22055", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22210", "name": "22210", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-361-1", "name": "USN-361-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/22342", "name": "22342", "tags": [], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1", "name": "102763", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143", "name": "MDKSA-2006:143", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145", "name": "MDKSA-2006:145", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146", "name": "MDKSA-2006:146", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/22065", "name": "22065", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/22066", "name": "22066", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3749", "name": "ADV-2006-3749", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/3748", "name": "ADV-2006-3748", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/0058", "name": "ADV-2007-0058", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/0083", "name": "ADV-2008-0083", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/2998", "name": "ADV-2006-2998", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27987", "name": "mozilla-javascript-engine-overflow(27987)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232", "name": "oval:org.mitre.oval:def:11232", "tags": [], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/329-1/", "name": "USN-329-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/327-1/", "name": "USN-327-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded", "name": "SSRT061181", "tags": [], "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded", "name": "SSRT061236", "tags": [], "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded", "name": "20060727 rPSA-2006-0137-1 firefox", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified \"string function arguments.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3806", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-27T19:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:30Z"}

7.5 /10