[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-3806

Date: (C)2006-07-27   (M)2017-10-12 


Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1016586
SECTRACK-1016587
SECTRACK-1016588
SUNALERT-102763
BID-19181
SECUNIA-19873
20060703-01-P
http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded
SECUNIA-21216
SECUNIA-21228
SECUNIA-21229
SECUNIA-21243
SECUNIA-21246
SECUNIA-21250
SECUNIA-21262
SECUNIA-21269
SECUNIA-21270
SECUNIA-21275
SECUNIA-21336
SECUNIA-21343
SECUNIA-21358
SECUNIA-21361
SECUNIA-21529
SECUNIA-21532
SECUNIA-21607
SECUNIA-21631
SECUNIA-21634
SECUNIA-21654
SECUNIA-21675
SECUNIA-22055
SECUNIA-22065
SECUNIA-22066
SECUNIA-22210
SECUNIA-22342
ADV-2006-2998
ADV-2006-3748
ADV-2006-3749
ADV-2007-0058
ADV-2008-0083
DSA-1159
DSA-1160
DSA-1161
GLSA-200608-02
GLSA-200608-03
GLSA-200608-04
HPSBUX02156
MDKSA-2006:143
MDKSA-2006:145
MDKSA-2006:146
RHSA-2006:0594
RHSA-2006:0608
RHSA-2006:0609
RHSA-2006:0610
RHSA-2006:0611
SSRT061181
SSRT061236
SUSE-SA:2006:048
TA06-208A
USN-327-1
USN-329-1
USN-350-1
USN-354-1
USN-361-1
VU#655892
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
https://issues.rpath.com/browse/RPL-536
https://issues.rpath.com/browse/RPL-537
mozilla-javascript-engine-overflow(27987)

CPE    11
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:seamonkey:1.0
cpe:/a:mozilla:firefox:1.5.0.4
...
CWE    1
CWE-189

© 2013 SecPod Technologies