Vulnerability Name:

CVE-2006-5463 (CCN-30116)

Assigned:2006-11-08
Published:2006-11-08
Updated:2018-10-17
Summary:Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: Patch
20061101-01-P

Source: MITRE
Type: CNA
CVE-2006-5463

Source: CCN
Type: RHSA-2006-0733
Critical: firefox security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0733

Source: CCN
Type: RHSA-2006-0734
Critical: seamonkey security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0734

Source: CCN
Type: RHSA-2006-0735
Critical: thunderbird security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0735

Source: SECUNIA
Type: UNKNOWN
22066

Source: CCN
Type: SA22722
Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
22722

Source: SECUNIA
Type: Patch, Vendor Advisory
22727

Source: SECUNIA
Type: Patch, Vendor Advisory
22737

Source: SECUNIA
Type: Patch, Vendor Advisory
22763

Source: CCN
Type: SA22770
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
22770

Source: SECUNIA
Type: Patch, Vendor Advisory
22774

Source: SECUNIA
Type: UNKNOWN
22815

Source: SECUNIA
Type: Patch
22817

Source: SECUNIA
Type: Patch, Vendor Advisory
22929

Source: CCN
Type: SA22965
Avaya Messaging Storage Server Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
22965

Source: SECUNIA
Type: Patch, Vendor Advisory
22980

Source: SECUNIA
Type: Patch, Vendor Advisory
23009

Source: SECUNIA
Type: Patch, Vendor Advisory
23013

Source: SECUNIA
Type: Patch, Vendor Advisory
23197

Source: SECUNIA
Type: Patch, Vendor Advisory
23202

Source: SECUNIA
Type: Patch, Vendor Advisory
23235

Source: SECUNIA
Type: Patch, Vendor Advisory
23263

Source: SECUNIA
Type: Patch, Vendor Advisory
23287

Source: SECUNIA
Type: Patch, Vendor Advisory
23297

Source: CCN
Type: SA24711
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24711

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200612-06

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200612-07

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200612-08

Source: CCN
Type: SECTRACK ID: 1017184
Mozilla Seamonkey Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1017184

Source: CCN
Type: SECTRACK ID: 1017185
Mozilla Thunderbird Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1017185

Source: CCN
Type: SECTRACK ID: 1017186
Mozilla Firefox Executing Script Modification Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1017186

Source: CCN
Type: Sun Alert ID: 103011
Security Vulnerability in Mozilla 1.7 May Allow Arbitrary JavaScript Commands to be Run

Source: SUNALERT
Type: UNKNOWN
103011

Source: SUNALERT
Type: UNKNOWN
200185

Source: CCN
Type: ASA-2006-244
thunderbird security update (RHSA-2006-0735)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

Source: CCN
Type: ASA-2006-246
firefox security update (RHSA-2006-0733)

Source: CCN
Type: ASA-2006-247
seamonkey security update (RHSA-2006-0734)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: ASA-2007-334
Security Vulnerability in Mozilla 1.7 May Allow Arbitrary JavaScript Commands to be Run (Sun 103011)

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1224

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1225

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1227

Source: DEBIAN
Type: DSA-1224
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1225
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1227
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200612-06
Mozilla Thunderbird: Multiple vulnerabilities

Source: CCN
Type: GLSA-200612-07
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200612-08
SeaMonkey: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#714496
Mozilla products allow execution of arbitrary JavaScript

Source: CERT-VN
Type: Patch, US Government Resource
VU#714496

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:205

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:206

Source: CCN
Type: MFSA 2006-67
Running Script can be recompiled

Source: CONFIRM
Type: Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-67.html

Source: SUSE
Type: Patch, Vendor Advisory
SUSE-SA:2006:068

Source: BUGTRAQ
Type: UNKNOWN
20061109 rPSA-2006-0206-1 firefox thunderbird

Source: BID
Type: UNKNOWN
20957

Source: CCN
Type: BID-20957
Mozilla Client Products Multiple Remote Vulnerabilities

Source: CCN
Type: USN-381-1
Firefox vulnerabilities

Source: UBUNTU
Type: Patch, Vendor Advisory
USN-381-1

Source: CCN
Type: USN-382-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: Patch, Vendor Advisory
USN-382-1

Source: CERT
Type: Patch, US Government Resource
TA06-312A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2006-4387

Source: VUPEN
Type: UNKNOWN
ADV-2007-1198

Source: VUPEN
Type: UNKNOWN
ADV-2007-2663

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=355655

Source: XF
Type: UNKNOWN
mozilla-script-code-execution(30116)

Source: XF
Type: UNKNOWN
mozilla-script-code-execution(30116)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-765

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10357

Source: SUSE
Type: SUSE-SA:2006:068
Mozilla Firefox 1.5.0.8 release

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20065463
    V
    		CVE-2006-5463
    2015-11-16
    oval:org.mitre.oval:def:10357
    V
    		Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
    2013-04-29
    oval:org.debian:def:1225
    V
    		several vulnerabilities
    2013-01-21
    oval:org.debian:def:1227
    V
    		several vulnerabilities
    2006-12-04
    oval:org.debian:def:1224
    V
    		several vulnerabilities
    2006-12-03
    oval:com.redhat.rhsa:def:20060733
    P
    		RHSA-2006:0733: firefox security update (Critical)
    2006-11-08
    oval:com.redhat.rhsa:def:20060734
    P
    		RHSA-2006:0734: seamonkey security update (Critical)
    2006-11-08
    oval:com.redhat.rhsa:def:20060735
    P
    		RHSA-2006:0735: thunderbird security update (Critical)
    2006-11-08
    BACK
    mozilla firefox 1.5
    mozilla firefox 1.5 beta1
    mozilla firefox 1.5 beta2
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.2
    mozilla seamonkey 1.0.3
    mozilla seamonkey 1.0.5
    mozilla thunderbird 1.0
    mozilla thunderbird 1.0.1
    mozilla thunderbird 1.0.2
    mozilla thunderbird 1.0.5
    mozilla thunderbird 1.0.6
    mozilla thunderbird 1.0.7
    mozilla thunderbird 1.0.8
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla thunderbird 1.5.0.1
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.7
    mozilla thunderbird 1.0.1
    mozilla firefox 1.5 beta1
    mozilla thunderbird 1.0.2
    mozilla thunderbird 1.0.6
    mozilla thunderbird 1.0.7
    mozilla seamonkey 1.0
    mozilla firefox 1.5
    mozilla thunderbird 1.5
    mozilla thunderbird 1.5 beta2
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.7
    mozilla thunderbird 1.5.0.7
    mozilla seamonkey 1.0.5
    mozilla seamonkey 1.0.2
    mozilla thunderbird 1.5.0.4
    mozilla thunderbird 1.5.0.2
    mozilla thunderbird 1.5.0.1
    mozilla seamonkey 1.0
    mozilla seamonkey 1.0.1
    mozilla seamonkey 1.0.3
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5 beta2
    mozilla thunderbird 1.0
    mozilla thunderbird 1.0.5
    mozilla thunderbird 1.0.8
    sun solaris 8
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 8
    sun solaris 9
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    sun solaris 9