Vulnerability Name: CVE-2006-3811 (CCN-27992)
Assigned: 2006-07-26
Published: 2006-07-26
Updated: 2018-10-17
Summary: Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SGI Type: Vendor Advisory 20060703-01-P
Source: MITRE Type: CNA CVE-2006-3811
Source: CCN Type: RHSA-2006-0594 seamonkey security update (was mozilla)
Source: CCN Type: RHSA-2006-0608 seamonkey security update
Source: CCN Type: RHSA-2006-0609 seamonkey security update
Source: REDHAT Type: UNKNOWN RHSA-2006:0609
Source: CCN Type: RHSA-2006-0610 firefox security update
Source: CCN Type: RHSA-2006-0611 thunderbird security update
Source: CCN Type: SA19873 Mozilla Firefox Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 19873
Source: SECUNIA Type: Patch, Vendor Advisory 21216
Source: CCN Type: SA21228 Mozilla Thunderbird Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 21228
Source: CCN Type: SA21229 Mozilla SeaMonkey Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 21229
Source: SECUNIA Type: UNKNOWN 21243
Source: SECUNIA Type: UNKNOWN 21246
Source: SECUNIA Type: Vendor Advisory 21250
Source: SECUNIA Type: Vendor Advisory 21262
Source: SECUNIA Type: UNKNOWN 21269
Source: SECUNIA Type: UNKNOWN 21270
Source: SECUNIA Type: UNKNOWN 21275
Source: SECUNIA Type: Vendor Advisory 21336
Source: SECUNIA Type: Vendor Advisory 21343
Source: SECUNIA Type: Vendor Advisory 21358
Source: SECUNIA Type: Vendor Advisory 21361
Source: SECUNIA Type: Vendor Advisory 21529
Source: SECUNIA Type: UNKNOWN 21532
Source: SECUNIA Type: UNKNOWN 21607
Source: SECUNIA Type: UNKNOWN 21631
Source: SECUNIA Type: UNKNOWN 21675
Source: SECUNIA Type: UNKNOWN 22055
Source: SECUNIA Type: UNKNOWN 22065
Source: SECUNIA Type: UNKNOWN 22066
Source: SECUNIA Type: UNKNOWN 22210
Source: SECUNIA Type: UNKNOWN 22342
Source: CCN Type: SA25839 Sun Solaris Mozilla 1.7 Vulnerabilities
Source: SECUNIA Type: UNKNOWN 25839
Source: GENTOO Type: UNKNOWN GLSA-200608-02
Source: GENTOO Type: UNKNOWN GLSA-200608-04
Source: CCN Type: SECTRACK ID: 1016586 Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016586
Source: CCN Type: SECTRACK ID: 1016587 Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016587
Source: CCN Type: SECTRACK ID: 1016588 Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1016588
Source: CCN Type: Sun Alert ID: 102971 Multiple Memory Corruption Vulnerabilities in Mozilla 1.7 for Solaris 8, 9 and 10
Source: SUNALERT Type: UNKNOWN 102971
Source: CCN Type: ASA-2006-149 seamonkey security update (RHSA-2006-0608)
Source: CCN Type: ASA-2006-151 firefox seamonkey and thunderbird security update (RHSA-2006-0609 RHSA-2006-0610 and RHSA-2006-0611)
Source: CCN Type: ASA-2006-208 seamonkey security update (was mozilla) (RHSA-2006-0594)
Source: CCN Type: ASA-2006-259 HP-UX Firefox Vulnerabilities
Source: CCN Type: ASA-2007-097 HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
Source: CCN Type: ASA-2007-135 HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)
Source: CCN Type: ASA-2007-311 Multiple Memory Corruption Vulnerabilities in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102971)
Source: DEBIAN Type: UNKNOWN DSA-1161
Source: DEBIAN Type: DSA-1161 mozilla-firefox -- several vulnerabilities
Source: CCN Type: GLSA-200507-24 Mozilla Suite: Multiple vulnerabilities
Source: CCN Type: GLSA-200608-02 Mozilla SeaMonkey: Multiple vulnerabilities
Source: CCN Type: GLSA-200608-03 Mozilla Firefox: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200608-03
Source: CCN Type: GLSA-200608-04 Mozilla Thunderbird: Multiple vulnerabilities
Source: CCN Type: US-CERT VU#527676 Mozilla contains multiple memory corruption vulnerabilities
Source: CERT-VN Type: US Government Resource VU#527676
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:143
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:145
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:146
Source: CCN Type: MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
Source: SUSE Type: UNKNOWN SUSE-SA:2006:048
Source: REDHAT Type: UNKNOWN RHSA-2006:0594
Source: REDHAT Type: UNKNOWN RHSA-2006:0608
Source: REDHAT Type: UNKNOWN RHSA-2006:0610
Source: REDHAT Type: UNKNOWN RHSA-2006:0611
Source: BUGTRAQ Type: UNKNOWN 20060727 rPSA-2006-0137-1 firefox
Source: HP Type: UNKNOWN SSRT061236
Source: HP Type: UNKNOWN SSRT061181
Source: BID Type: Patch 19181
Source: CCN Type: BID-19181 Mozilla Multiple Products Remote Vulnerabilities
Source: CCN Type: USN-327-1 Firefox vulnerabilities
Source: CCN Type: USN-327-2 Firefox regression
Source: CCN Type: USN-329-1 Thunderbird vulnerabilities
Source: CCN Type: USN-350-1 Thunderbird vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-350-1
Source: CCN Type: USN-354-1 Firefox vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-354-1
Source: CCN Type: USN-361-1 Mozilla vulnerabilities
Source: UBUNTU Type: UNKNOWN USN-361-1
Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-208A Mozilla Products Contain Multiple Vulnerabilities
Source: CERT Type: US Government Resource TA06-208A
Source: VUPEN Type: UNKNOWN ADV-2006-2998
Source: VUPEN Type: UNKNOWN ADV-2006-3748
Source: VUPEN Type: UNKNOWN ADV-2006-3749
Source: VUPEN Type: UNKNOWN ADV-2007-2350
Source: VUPEN Type: UNKNOWN ADV-2008-0083
Source: XF Type: UNKNOWN mozilla-multiple-memory-corruption(27992)
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-536
Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-537
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9934
Source: UBUNTU Type: UNKNOWN USN-327-1
Source: UBUNTU Type: UNKNOWN USN-329-1
Source: SUSE Type: SUSE-SA:2006:048 Mozilla Firefox Thunderbird and Seamonkey security problems
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: