Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.29557.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mozilla
  • Firefox
  • Seamonkey
  • Thunderbird
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 3
seamonkey-0:1.0.3-0.el3.1 cpe:/o:redhat:enterprise_linux:3 RHSA-2006:0608 2006-07-27T00:00:00Z
Red Hat Enterprise Linux 4
devhelp-0:0.10-0.2.el4 cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0609 2006-08-02T00:00:00Z
seamonkey-0:1.0.3-0.el4.1 cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0609 2006-08-02T00:00:00Z
firefox-0:1.5.0.5-0.el4.1 cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0610 2006-07-28T00:00:00Z
thunderbird-0:1.5.0.5-0.el4.1 cpe:/o:redhat:enterprise_linux:4 RHSA-2006:0611 2006-07-29T00:00:00Z
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2006:0594 2006-08-28T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2006:0594 2006-08-28T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2006:0594 2006-08-28T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2006:0594 2006-08-28T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1159-1 New Mozilla Thunderbird packages fix several problems
Debian DSA Debian DSA DSA-1159-2 New Mozilla Thunderbird packages fix several problems
Debian DSA Debian DSA DSA-1160-1 New Mozilla packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1160-2 New Mozilla packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1161-1 New Mozilla Firefox packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1161-2 New Mozilla Firefox packages fix several vulnerabilities
Ubuntu USN Ubuntu USN USN-327-1 firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-329-1 Thunderbird vulnerabilities
Ubuntu USN Ubuntu USN USN-350-1 Thunderbird vulnerabilities
Ubuntu USN Ubuntu USN USN-361-1 Mozilla vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2006-0609.html cve-icon cve-icon
http://secunia.com/advisories/19873 cve-icon cve-icon
http://secunia.com/advisories/21216 cve-icon cve-icon
http://secunia.com/advisories/21228 cve-icon cve-icon
http://secunia.com/advisories/21229 cve-icon cve-icon
http://secunia.com/advisories/21243 cve-icon cve-icon
http://secunia.com/advisories/21246 cve-icon cve-icon
http://secunia.com/advisories/21250 cve-icon cve-icon
http://secunia.com/advisories/21262 cve-icon cve-icon
http://secunia.com/advisories/21269 cve-icon cve-icon
http://secunia.com/advisories/21270 cve-icon cve-icon
http://secunia.com/advisories/21275 cve-icon cve-icon
http://secunia.com/advisories/21336 cve-icon cve-icon
http://secunia.com/advisories/21343 cve-icon cve-icon
http://secunia.com/advisories/21358 cve-icon cve-icon
http://secunia.com/advisories/21361 cve-icon cve-icon
http://secunia.com/advisories/21529 cve-icon cve-icon
http://secunia.com/advisories/21532 cve-icon cve-icon
http://secunia.com/advisories/21607 cve-icon cve-icon
http://secunia.com/advisories/21631 cve-icon cve-icon
http://secunia.com/advisories/21634 cve-icon cve-icon
http://secunia.com/advisories/21654 cve-icon cve-icon
http://secunia.com/advisories/21675 cve-icon cve-icon
http://secunia.com/advisories/22055 cve-icon cve-icon
http://secunia.com/advisories/22065 cve-icon cve-icon
http://secunia.com/advisories/22066 cve-icon cve-icon
http://secunia.com/advisories/22210 cve-icon cve-icon
http://secunia.com/advisories/22342 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200608-02.xml cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200608-04.xml cve-icon cve-icon
http://securitytracker.com/id?1016586 cve-icon cve-icon
http://securitytracker.com/id?1016587 cve-icon cve-icon
http://securitytracker.com/id?1016588 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1159 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1160 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1161 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml cve-icon cve-icon
http://www.kb.cert.org/vuls/id/655892 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 cve-icon cve-icon
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0594.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0608.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0610.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0611.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/441333/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/446657/100/200/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/446658/100/200/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/19181 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-350-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-354-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-361-1 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA06-208A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/2998 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3748 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3749 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0058 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0083 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/27987 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-536 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-537 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-3806 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232 cve-icon cve-icon
https://usn.ubuntu.com/327-1/ cve-icon cve-icon
https://usn.ubuntu.com/329-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-3806 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T18:48:38.552Z

Reserved: 2006-07-24T00:00:00

Link: CVE-2006-3806

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2006-07-27T19:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3806

cve-icon Redhat

Severity : Critical

Publid Date: 2006-07-26T00:00:00Z

Links: CVE-2006-3806 - Bugzilla

cve-icon OpenCVE Enrichment

No data.