SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2006-3806

Date: (C)2006-07-27 (M)2023-12-22

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1016586

SECTRACK-1016587

SECTRACK-1016588

SUNALERT-102763

http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded

SUSE-SA:2006:048

http://www.mozilla.org/security/announce/2006/mfsa2006-50.html

https://issues.rpath.com/browse/RPL-536

https://issues.rpath.com/browse/RPL-537

mozilla-javascript-engine-overflow(27987)

cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:seamonkey:1.0
cpe:/a:mozilla:firefox:1.5.0.4
...

© SecPod Technologies