Vulnerability Name: CVE-2006-5748 (CCN-30096) Assigned: 2006-11-08 Published: 2006-11-08 Updated: 2018-10-17 Summary: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P )3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P )3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Access References: Source: SGI Type: Patch20061101-01-P Source: MITRE Type: CNACVE-2006-5748 Source: CCN Type: RHSA-2006-0733Critical: firefox security update Source: REDHAT Type: Patch, Vendor AdvisoryRHSA-2006:0733 Source: CCN Type: RHSA-2006-0734Critical: seamonkey security update Source: REDHAT Type: Patch, Vendor AdvisoryRHSA-2006:0734 Source: CCN Type: RHSA-2006-0735Critical: thunderbird security update Source: REDHAT Type: Patch, Vendor AdvisoryRHSA-2006:0735 Source: SECUNIA Type: UNKNOWN22066 Source: CCN Type: SA22722Mozilla Firefox and SeaMonkey Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory22722 Source: SECUNIA Type: Patch, Vendor Advisory22727 Source: SECUNIA Type: Patch, Vendor Advisory22737 Source: SECUNIA Type: Patch, Vendor Advisory22763 Source: CCN Type: SA22770Mozilla Thunderbird Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory22770 Source: SECUNIA Type: Patch, Vendor Advisory22774 Source: SECUNIA Type: UNKNOWN22815 Source: SECUNIA Type: Patch, Vendor Advisory22817 Source: SECUNIA Type: Patch, Vendor Advisory22929 Source: CCN Type: SA22965Avaya Messaging Storage Server Firefox Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory22965 Source: SECUNIA Type: Patch, Vendor Advisory22980 Source: SECUNIA Type: Patch, Vendor Advisory23009 Source: SECUNIA Type: Patch, Vendor Advisory23013 Source: SECUNIA Type: Patch, Vendor Advisory23197 Source: SECUNIA Type: Patch, Vendor Advisory23202 Source: SECUNIA Type: Patch, Vendor Advisory23235 Source: SECUNIA Type: Vendor Advisory23263 Source: SECUNIA Type: Vendor Advisory23287 Source: SECUNIA Type: UNKNOWN23297 Source: CCN Type: SA24711Netscape Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN24711 Source: CCN Type: SA27603Sun Solaris Mozilla 1.7 Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN27603 Source: GENTOO Type: PatchGLSA-200612-06 Source: GENTOO Type: PatchGLSA-200612-07 Source: GENTOO Type: UNKNOWNGLSA-200612-08 Source: CCN Type: SECTRACK ID: 1017177Mozilla Seamonkey Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch1017177 Source: CCN Type: SECTRACK ID: 1017178Mozilla Thunderbird Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch1017178 Source: CCN Type: SECTRACK ID: 1017179Mozilla Firefox Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch1017179 Source: CCN Type: Sun Alert ID: 103139Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10 Source: SUNALERT Type: UNKNOWN103139 Source: SUNALERT Type: UNKNOWN201335 Source: CCN Type: ASA-2006-244thunderbird security update (RHSA-2006-0735) Source: CONFIRM Type: Patchhttp://support.avaya.com/elmodocs2/security/ASA-2006-246.htm Source: CCN Type: ASA-2006-246firefox security update (RHSA-2006-0733) Source: CCN Type: ASA-2006-247seamonkey security update (RHSA-2006-0734) Source: CCN Type: ASA-2007-097HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153) Source: CCN Type: ASA-2007-467Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 103139) Source: DEBIAN Type: PatchDSA-1224 Source: DEBIAN Type: Patch, Vendor AdvisoryDSA-1225 Source: DEBIAN Type: PatchDSA-1227 Source: DEBIAN Type: DSA-1224mozilla -- several vulnerabilities Source: DEBIAN Type: DSA-1225mozilla-firefox -- several vulnerabilities Source: DEBIAN Type: DSA-1227mozilla-thunderbird -- several vulnerabilities Source: CCN Type: GLSA-200612-06Mozilla Thunderbird: Multiple vulnerabilities Source: CCN Type: GLSA-200612-07Mozilla Firefox: Multiple vulnerabilities Source: CCN Type: GLSA-200612-08SeaMonkey: Multiple vulnerabilities Source: CCN Type: US-CERT VU#390480Mozilla products vulnerable to memory corruption Source: CERT-VN Type: Patch, US Government ResourceVU#390480 Source: MANDRIVA Type: UNKNOWNMDKSA-2006:205 Source: MANDRIVA Type: UNKNOWNMDKSA-2006:206 Source: CCN Type: MFSA 2006-65Crashes with evidence of memory corruption (rv:1.8.0.8) Source: CONFIRM Type: Patch, Vendor Advisoryhttp://www.mozilla.org/security/announce/2006/mfsa2006-65.html Source: SUSE Type: PatchSUSE-SA:2006:068 Source: BUGTRAQ Type: UNKNOWN20061109 rPSA-2006-0206-1 firefox thunderbird Source: BID Type: Patch20957 Source: CCN Type: BID-20957Mozilla Client Products Multiple Remote Vulnerabilities Source: CCN Type: USN-381-1Firefox vulnerabilities Source: UBUNTU Type: Patch, Vendor AdvisoryUSN-381-1 Source: CCN Type: USN-382-1Thunderbird vulnerabilities Source: UBUNTU Type: PatchUSN-382-1 Source: CERT Type: Patch, US Government ResourceTA06-312A Source: VUPEN Type: UNKNOWNADV-2006-3748 Source: VUPEN Type: UNKNOWNADV-2006-4387 Source: VUPEN Type: UNKNOWNADV-2007-1198 Source: VUPEN Type: UNKNOWNADV-2007-3821 Source: VUPEN Type: UNKNOWNADV-2008-0083 Source: HP Type: UNKNOWNSSRT061181 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=349527 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=350238 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=351116 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=351973 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=352271 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=352606 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=353165 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=354145 Source: MISC Type: UNKNOWNhttps://bugzilla.mozilla.org/show_bug.cgi?id=354151 Source: XF Type: UNKNOWNmozilla-javascript-engine-code-execution(30096) Source: XF Type: UNKNOWNmozilla-javascript-engine-code-execution(30096) Source: CONFIRM Type: UNKNOWNhttps://issues.rpath.com/browse/RPL-765 Source: OVAL Type: UNKNOWNoval:org.mitre.oval:def:11408 Source: SUSE Type: SUSE-SA:2006:068Mozilla Firefox 1.5.0.8 release Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8::x86:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:* OR cpe:/o:sun:solaris:9::x86:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:* OR cpe:/o:sun:solaris:10::x86:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
mozilla firefox 1.5
mozilla firefox 1.5 beta1
mozilla firefox 1.5 beta2
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla seamonkey 1.0
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.5
mozilla thunderbird 1.0
mozilla thunderbird 1.0.1
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.5
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla thunderbird 1.0.8
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla thunderbird 1.5.0.1
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.7
mozilla thunderbird 1.0.1
mozilla firefox 1.5 beta1
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla seamonkey 1.0
mozilla firefox 1.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla thunderbird 1.5.0.7
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.2
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.1
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.3
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.5
mozilla firefox 1.5 beta2
mozilla thunderbird 1.0
mozilla thunderbird 1.0.5
mozilla thunderbird 1.0.8
sun solaris 8
gentoo linux *
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
sun solaris 8
sun solaris 9
redhat enterprise linux 3
mozilla mozilla 1.7
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
sun solaris 10
sun solaris 10
redhat linux advanced workstation 2.1
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
sun solaris 9