Vulnerability Name:

CVE-2006-5748 (CCN-30096)

Assigned:2006-11-08
Published:2006-11-08
Updated:2018-10-17
Summary:Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: Patch
20061101-01-P

Source: MITRE
Type: CNA
CVE-2006-5748

Source: CCN
Type: RHSA-2006-0733
Critical: firefox security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0733

Source: CCN
Type: RHSA-2006-0734
Critical: seamonkey security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0734

Source: CCN
Type: RHSA-2006-0735
Critical: thunderbird security update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0735

Source: SECUNIA
Type: UNKNOWN
22066

Source: CCN
Type: SA22722
Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
22722

Source: SECUNIA
Type: Patch, Vendor Advisory
22727

Source: SECUNIA
Type: Patch, Vendor Advisory
22737

Source: SECUNIA
Type: Patch, Vendor Advisory
22763

Source: CCN
Type: SA22770
Mozilla Thunderbird Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
22770

Source: SECUNIA
Type: Patch, Vendor Advisory
22774

Source: SECUNIA
Type: UNKNOWN
22815

Source: SECUNIA
Type: Patch, Vendor Advisory
22817

Source: SECUNIA
Type: Patch, Vendor Advisory
22929

Source: CCN
Type: SA22965
Avaya Messaging Storage Server Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
22965

Source: SECUNIA
Type: Patch, Vendor Advisory
22980

Source: SECUNIA
Type: Patch, Vendor Advisory
23009

Source: SECUNIA
Type: Patch, Vendor Advisory
23013

Source: SECUNIA
Type: Patch, Vendor Advisory
23197

Source: SECUNIA
Type: Patch, Vendor Advisory
23202

Source: SECUNIA
Type: Patch, Vendor Advisory
23235

Source: SECUNIA
Type: Vendor Advisory
23263

Source: SECUNIA
Type: Vendor Advisory
23287

Source: SECUNIA
Type: UNKNOWN
23297

Source: CCN
Type: SA24711
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24711

Source: CCN
Type: SA27603
Sun Solaris Mozilla 1.7 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27603

Source: GENTOO
Type: Patch
GLSA-200612-06

Source: GENTOO
Type: Patch
GLSA-200612-07

Source: GENTOO
Type: UNKNOWN
GLSA-200612-08

Source: CCN
Type: SECTRACK ID: 1017177
Mozilla Seamonkey Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1017177

Source: CCN
Type: SECTRACK ID: 1017178
Mozilla Thunderbird Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1017178

Source: CCN
Type: SECTRACK ID: 1017179
Mozilla Firefox Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1017179

Source: CCN
Type: Sun Alert ID: 103139
Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10

Source: SUNALERT
Type: UNKNOWN
103139

Source: SUNALERT
Type: UNKNOWN
201335

Source: CCN
Type: ASA-2006-244
thunderbird security update (RHSA-2006-0735)

Source: CONFIRM
Type: Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

Source: CCN
Type: ASA-2006-246
firefox security update (RHSA-2006-0733)

Source: CCN
Type: ASA-2006-247
seamonkey security update (RHSA-2006-0734)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: ASA-2007-467
Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 103139)

Source: DEBIAN
Type: Patch
DSA-1224

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1225

Source: DEBIAN
Type: Patch
DSA-1227

Source: DEBIAN
Type: DSA-1224
mozilla -- several vulnerabilities

Source: DEBIAN
Type: DSA-1225
mozilla-firefox -- several vulnerabilities

Source: DEBIAN
Type: DSA-1227
mozilla-thunderbird -- several vulnerabilities

Source: CCN
Type: GLSA-200612-06
Mozilla Thunderbird: Multiple vulnerabilities

Source: CCN
Type: GLSA-200612-07
Mozilla Firefox: Multiple vulnerabilities

Source: CCN
Type: GLSA-200612-08
SeaMonkey: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#390480
Mozilla products vulnerable to memory corruption

Source: CERT-VN
Type: Patch, US Government Resource
VU#390480

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:205

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:206

Source: CCN
Type: MFSA 2006-65
Crashes with evidence of memory corruption (rv:1.8.0.8)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html

Source: SUSE
Type: Patch
SUSE-SA:2006:068

Source: BUGTRAQ
Type: UNKNOWN
20061109 rPSA-2006-0206-1 firefox thunderbird

Source: BID
Type: Patch
20957

Source: CCN
Type: BID-20957
Mozilla Client Products Multiple Remote Vulnerabilities

Source: CCN
Type: USN-381-1
Firefox vulnerabilities

Source: UBUNTU
Type: Patch, Vendor Advisory
USN-381-1

Source: CCN
Type: USN-382-1
Thunderbird vulnerabilities

Source: UBUNTU
Type: Patch
USN-382-1

Source: CERT
Type: Patch, US Government Resource
TA06-312A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2006-4387

Source: VUPEN
Type: UNKNOWN
ADV-2007-1198

Source: VUPEN
Type: UNKNOWN
ADV-2007-3821

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=349527

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=350238

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=351116

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=351973

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=352271

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=352606

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=353165

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=354145

Source: MISC
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=354151

Source: XF
Type: UNKNOWN
mozilla-javascript-engine-code-execution(30096)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-765

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11408

Source: SUSE
Type: SUSE-SA:2006:068
Mozilla Firefox 1.5.0.8 release

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20065748 | V | CVE-2006-5748 | 2015-11-16
    oval:org.mitre.oval:def:11408 | V | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. | 2013-04-29
    oval:org.debian:def:1225 | V | several vulnerabilities | 2013-01-21
    oval:org.debian:def:1227 | V | several vulnerabilities | 2006-12-04
    oval:org.debian:def:1224 | V | several vulnerabilities | 2006-12-03
    oval:com.redhat.rhsa:def:20060733 | P | RHSA-2006:0733: firefox security update (Critical) | 2006-11-08
    oval:com.redhat.rhsa:def:20060734 | P | RHSA-2006:0734: seamonkey security update (Critical) | 2006-11-08
    oval:com.redhat.rhsa:def:20060735 | P | RHSA-2006:0735: thunderbird security update (Critical) | 2006-11-08