Vulnerability Name: CVE-2006-3806 (CCN-27987)
Assigned: 2006-07-26
Published: 2006-07-26
Updated: 2018-10-17
Summary: Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:
Source: SGI Type: UNKNOWN 20060703-01-P
Source: MITRE Type: CNA CVE-2006-3806
Source: CCN Type: RHSA-2006-0594 seamonkey security update (was mozilla)
Source: CCN Type: RHSA-2006-0608 seamonkey security update
Source: CCN Type: RHSA-2006-0609 seamonkey security update
Source: REDHAT Type: Vendor Advisory RHSA-2006:0609
Source: CCN Type: RHSA-2006-0610 firefox security update
Source: CCN Type: RHSA-2006-0611 thunderbird security update
Source: CCN Type: SA19873 Mozilla Firefox Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 19873
Source: SECUNIA Type: Patch, Vendor Advisory 21216
Source: CCN Type: SA21228 Mozilla Thunderbird Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 21228
Source: CCN Type: SA21229 Mozilla SeaMonkey Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 21229
Source: SECUNIA Type: Vendor Advisory 21243
Source: SECUNIA Type: Vendor Advisory 21246
Source: SECUNIA Type: Vendor Advisory 21250
Source: SECUNIA Type: Vendor Advisory 21262
Source: SECUNIA Type: Vendor Advisory 21269
Source: SECUNIA Type: Vendor Advisory 21270
Source: SECUNIA Type: Vendor Advisory 21275
Source: SECUNIA Type: Vendor Advisory 21336
Source: SECUNIA Type: Vendor Advisory 21343
Source: SECUNIA Type: Vendor Advisory 21358
Source: SECUNIA Type: Vendor Advisory 21361
Source: SECUNIA Type: Vendor Advisory 21529
Source: SECUNIA Type: Vendor Advisory 21532
Source: SECUNIA Type: Vendor Advisory 21607
Source: SECUNIA Type: Vendor Advisory 21631
Source: SECUNIA Type: Vendor Advisory 21634
Source: SECUNIA Type: Vendor Advisory 21654
Source: SECUNIA Type: Vendor Advisory 21675
Source: SECUNIA Type: UNKNOWN 22055
Source: SECUNIA Type: UNKNOWN 22065
Source: SECUNIA Type: UNKNOWN 22066
Source: SECUNIA Type: UNKNOWN 22210
Source: SECUNIA Type: UNKNOWN 22342
Source: GENTOO Type: UNKNOWN GLSA-200608-02
Source: GENTOO Type: UNKNOWN GLSA-200608-04
Source: CCN Type: SECTRACK ID: 1016586 Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016586
Source: CCN Type: SECTRACK ID: 1016587 Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016587
Source: CCN Type: SECTRACK ID: 1016588 Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016588
Source: SUNALERT Type: UNKNOWN 102763
Source: CCN Type: Sun Alert ID: 200630 Multiple Security Vulnerabilites in Mozilla 1.7 for Solaris 8, 9, and 10
Source: CCN Type: ASA-2006-149 seamonkey security update (RHSA-2006-0608)
Source: CCN Type: ASA-2006-151 firefox seamonkey and thunderbird security update (RHSA-2006-0609 RHSA-2006-0610 and RHSA-2006-0611)
Source: CCN Type: ASA-2006-208 seamonkey security update (was mozilla) (RHSA-2006-0594)
Source: CCN Type: ASA-2006-259 HP-UX Firefox Vulnerabilities
Source: CCN Type: ASA-2007-026 Multiple Security Vulnerabilities in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102763)
Source: CCN Type: ASA-2007-097 HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
Source: CCN Type: ASA-2007-135 HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)
Source: DEBIAN Type: UNKNOWN DSA-1159
Source: DEBIAN Type: UNKNOWN DSA-1160
Source: DEBIAN Type: UNKNOWN DSA-1161
Source: DEBIAN Type: DSA-1159 mozilla-thunderbird -- several vulnerabilities
Source: DEBIAN Type: DSA-1160 mozilla -- several vulnerabilities
Source: DEBIAN Type: DSA-1161 mozilla-firefox -- several vulnerabilities
Source: CCN Type: GLSA-200608-02 Mozilla SeaMonkey: Multiple vulnerabilities
Source: CCN Type: GLSA-200608-03 Mozilla Firefox: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200608-03
Source: CCN Type: GLSA-200608-04 Mozilla Thunderbird: Multiple vulnerabilities
Source: CCN Type: US-CERT VU#655892 Mozilla JavaScript engine contains multiple integer overflows
Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#655892
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:143
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:145
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:146
Source: CCN Type: MFSA 2006-50 JavaScript engine vulnerabilities
Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
Source: SUSE Type: UNKNOWN SUSE-SA:2006:048
Source: REDHAT Type: UNKNOWN RHSA-2006:0594
Source: REDHAT Type: Vendor Advisory RHSA-2006:0608
Source: REDHAT Type: Vendor Advisory RHSA-2006:0610
Source: REDHAT Type: Vendor Advisory RHSA-2006:0611
Source: BUGTRAQ Type: UNKNOWN 20060727 rPSA-2006-0137-1 firefox
Source: HP Type: UNKNOWN SSRT061236
Source: HP Type: UNKNOWN SSRT061181
Source: BID Type: Patch 19181
Source: CCN Type: BID-19181 Mozilla Multiple Products Remote Vulnerabilities
Source: CCN Type: USN-327-1 Firefox vulnerabilities
Source: CCN Type: USN-327-2 Firefox regression
Source: CCN Type: USN-329-1 Thunderbird vulnerabilities
Source: CCN Type: USN-350-1 Thunderbird vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-350-1
Source: CCN Type: USN-354-1 Firefox vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-354-1
Source: CCN Type: USN-361-1 Mozilla vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-361-1
Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-208A Mozilla Products Contain Multiple Vulnerabilities
Source: CERT Type: US Government Resource TA06-208A
Source: VUPEN Type: UNKNOWN ADV-2006-2998
Source: VUPEN Type: UNKNOWN ADV-2006-3748
Source: VUPEN Type: UNKNOWN ADV-2006-3749
Source: VUPEN Type: UNKNOWN ADV-2007-0058
Source: VUPEN Type: UNKNOWN ADV-2008-0083
Source: XF Type: UNKNOWN mozilla-javascript-engine-overflow(27987)
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-536
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-537
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11232
Source: UBUNTU Type: UNKNOWN USN-327-1
Source: UBUNTU Type: UNKNOWN USN-329-1
Source: SUSE Type: SUSE-SA:2006:048 Mozilla Firefox Thunderbird and Seamonkey security problems
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: