[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3807Date: (C)2006-07-27   (M)2023-12-22


Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016586
SECTRACK-1016587
SECTRACK-1016588
SUNALERT-102763
BID-19181
SECUNIA-19873
20060703-01-P
http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded
SECUNIA-21216
SECUNIA-21228
SECUNIA-21229
SECUNIA-21243
SECUNIA-21246
SECUNIA-21250
SECUNIA-21262
SECUNIA-21269
SECUNIA-21270
SECUNIA-21275
SECUNIA-21336
SECUNIA-21343
SECUNIA-21358
SECUNIA-21361
SECUNIA-21529
SECUNIA-21532
SECUNIA-21607
SECUNIA-21631
SECUNIA-21634
SECUNIA-21654
SECUNIA-21675
SECUNIA-22055
SECUNIA-22065
SECUNIA-22066
SECUNIA-22210
SECUNIA-22342
ADV-2006-2998
ADV-2006-3748
ADV-2006-3749
ADV-2007-0058
ADV-2008-0083
DSA-1159
DSA-1160
DSA-1161
GLSA-200608-02
GLSA-200608-03
GLSA-200608-04
HPSBUX02153
HPSBUX02156
MDKSA-2006:143
MDKSA-2006:145
MDKSA-2006:146
RHSA-2006:0594
RHSA-2006:0608
RHSA-2006:0609
RHSA-2006:0610
RHSA-2006:0611
SSRT061181
SUSE-SA:2006:048
TA06-208A
USN-327-1
USN-329-1
USN-350-1
USN-354-1
USN-361-1
VU#687396
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
https://issues.rpath.com/browse/RPL-536
https://issues.rpath.com/browse/RPL-537
mozilla-js-constructor-code-execution(27988)

CPE    11
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
cpe:/a:mozilla:seamonkey:1.0
cpe:/a:mozilla:firefox:1.5.0.4
...

© SecPod Technologies