CVE-2006-3806

2006-07-27 21:04:00 2018-10-17 23:30:46

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Mozilla Thunderbird 1.5.0.2 Mozilla Thunderbird 1.5 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla Seamonkey 1.0 Dev (not an official CPE) Mozilla SeaMonkey 1.0 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.1 Mozilla Firefox 1.5 Mozilla Thunderbird 1.5.0.4

Mozilla - Thunderbird Mozilla - Seamonkey Mozilla - Firefox

Advisory	Patch	Confirmed	Link
			USN-329-1
			USN-327-1
			https://issues.rpath.com/browse/RPL-537
			mozilla-javascript-engine-overflow(27987)
			https://issues.rpath.com/browse/RPL-536
			ADV-2008-0083
			ADV-2007-0058
			ADV-2006-3748
			ADV-2006-3749
			ADV-2006-2998
			TA06-208A
			USN-361-1
			USN-354-1
			USN-350-1
			19181
			HPSBUX02153
			HPSBUX02156
			20060727 rPSA-2006-0137-1 firefox
			RHSA-2006:0611
			RHSA-2006:0610
			RHSA-2006:0608
			RHSA-2006:0594
			SUSE-SA:2006:048
			http://www.mozilla.org/security/announce/2006/mfsa2006-5...
			MDKSA-2006:146
			MDKSA-2006:145
			MDKSA-2006:143
			VU#655892
			GLSA-200608-03
			DSA-1161
			DSA-1160
			DSA-1159
			102763
			1016588
			1016587
			1016586
			GLSA-200608-04
			GLSA-200608-02
			RHSA-2006:0609
			20060703-01-P

CVE-2006-3806

2006-07-27 21:04:00 2018-10-17 23:30:46

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)