[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3677Date: (C)2006-07-27   (M)2023-12-22


Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016586
SECTRACK-1016587
BID-19181
BID-19192
SECUNIA-19873
20060703-01-P
http://www.securityfocus.com/archive/1/archive/1/441332/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded
SECUNIA-21216
SECUNIA-21229
SECUNIA-21243
SECUNIA-21246
SECUNIA-21262
SECUNIA-21269
SECUNIA-21270
SECUNIA-21336
SECUNIA-21343
SECUNIA-21361
SECUNIA-21529
SECUNIA-21532
SECUNIA-21631
SECUNIA-22066
SECUNIA-22210
ADV-2006-2998
ADV-2006-3748
ADV-2008-0083
GLSA-200608-02
GLSA-200608-03
HPSBUX02153
MDKSA-2006:143
MDKSA-2006:145
RHSA-2006:0594
RHSA-2006:0608
RHSA-2006:0609
RHSA-2006:0610
RHSA-2006:0611
SSRT061181
SUSE-SA:2006:048
TA06-208A
USN-327-1
USN-354-1
VU#670060
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://www.zerodayinitiative.com/advisories/ZDI-06-025.html
https://issues.rpath.com/browse/RPL-536
iphone-mobilesafari-dos(39998)
mozilla-javascript-navigator-code-excecution(27981)

CPE    8
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:seamonkey:1.0
cpe:/a:mozilla:firefox:1.5.0.4
...
CWE    1
CWE-16

© SecPod Technologies