Vulnerability Name: CVE-2006-5748 (CCN-30096) Assigned: 2006-11-08 Published: 2006-11-08 Updated: 2018-10-17 Summary: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P 3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Access References: Source: SGI20061101-01-P CVE-2006-5748 Critical: firefox security update RHSA-2006:0733 Critical: seamonkey security update RHSA-2006:0734 Critical: thunderbird security update RHSA-2006:0735 22066 Mozilla Firefox and SeaMonkey Multiple Vulnerabilities 22722 22727 22737 22763 Mozilla Thunderbird Multiple Vulnerabilities 22770 22774 22815 22817 22929 Avaya Messaging Storage Server Firefox Multiple Vulnerabilities 22965 22980 23009 23013 23197 23202 23235 23263 23287 23297 Netscape Multiple Vulnerabilities 24711 Sun Solaris Mozilla 1.7 Multiple Vulnerabilities 27603 GLSA-200612-06 GLSA-200612-07 GLSA-200612-08 Mozilla Seamonkey Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code 1017177 Mozilla Thunderbird Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code 1017178 Mozilla Firefox Layout Engine, XML Method, and JavaScript Engine Memory Errors May Let Remote Users Execute Arbitrary Code 1017179 Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10 103139 201335 thunderbird security update (RHSA-2006-0735) http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm firefox security update (RHSA-2006-0733) seamonkey security update (RHSA-2006-0734) HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153) Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 103139) DSA-1224 DSA-1225 DSA-1227 mozilla -- several vulnerabilities mozilla-firefox -- several vulnerabilities mozilla-thunderbird -- several vulnerabilities Mozilla Thunderbird: Multiple vulnerabilities Mozilla Firefox: Multiple vulnerabilities SeaMonkey: Multiple vulnerabilities Mozilla products vulnerable to memory corruption VU#390480 MDKSA-2006:205 MDKSA-2006:206 Crashes with evidence of memory corruption (rv:1.8.0.8) http://www.mozilla.org/security/announce/2006/mfsa2006-65.html SUSE-SA:2006:068 20061109 rPSA-2006-0206-1 firefox thunderbird 20957 Mozilla Client Products Multiple Remote Vulnerabilities Firefox vulnerabilities USN-381-1 Thunderbird vulnerabilities USN-382-1 TA06-312A ADV-2006-3748 ADV-2006-4387 ADV-2007-1198 ADV-2007-3821 ADV-2008-0083 SSRT061181 https://bugzilla.mozilla.org/show_bug.cgi?id=349527 https://bugzilla.mozilla.org/show_bug.cgi?id=350238 https://bugzilla.mozilla.org/show_bug.cgi?id=351116 https://bugzilla.mozilla.org/show_bug.cgi?id=351973 https://bugzilla.mozilla.org/show_bug.cgi?id=352271 https://bugzilla.mozilla.org/show_bug.cgi?id=352606 https://bugzilla.mozilla.org/show_bug.cgi?id=353165 https://bugzilla.mozilla.org/show_bug.cgi?id=354145 https://bugzilla.mozilla.org/show_bug.cgi?id=354151 mozilla-javascript-engine-code-execution(30096) mozilla-javascript-engine-code-execution(30096) https://issues.rpath.com/browse/RPL-765 oval:org.mitre.oval:def:11408 Mozilla Firefox 1.5.0.8 release Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8::x86:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:* OR cpe:/o:sun:solaris:9::x86:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:* OR cpe:/o:sun:solaris:10::x86:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* Oval Definitions BACK
mozilla firefox 1.5
mozilla firefox 1.5 beta1
mozilla firefox 1.5 beta2
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla seamonkey 1.0
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.5
mozilla thunderbird 1.0
mozilla thunderbird 1.0.1
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.5
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla thunderbird 1.0.8
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla thunderbird 1.5.0.1
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.7
mozilla thunderbird 1.0.1
mozilla firefox 1.5 beta1
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla seamonkey 1.0
mozilla firefox 1.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla thunderbird 1.5.0.7
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.2
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.1
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.3
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.5
mozilla firefox 1.5 beta2
mozilla thunderbird 1.0
mozilla thunderbird 1.0.5
mozilla thunderbird 1.0.8
sun solaris 8
gentoo linux *
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
sun solaris 8
sun solaris 9
redhat enterprise linux 3
mozilla mozilla 1.7
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
sun solaris 10
sun solaris 10
redhat linux advanced workstation 2.1
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
sun solaris 9
Denotes that component is vulnerable