Vulnerability Details : CVE-2006-3677
Public exploit exists!
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-3677
Probability of exploitation activity in the next 30 days: 97.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2006-3677
- Mozilla Suite/Firefox Navigator Object Code Execution
  Disclosure Date: 2006-07-25
  First seen: 2020-04-26
  exploit/multi/browser/mozilla_navigatorjava
  This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.
  Authors: hdm <x@hdm.io>
CVSS scores for CVE-2006-3677
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2006-3677
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27981
- http://www.redhat.com/support/errata/RHSA-2006-0610.html (Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html (US Government Resource)
- http://www.ubuntu.com/usn/usn-354-1
- http://www.vupen.com/english/advisories/2006/2998 (Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- http://www.vupen.com/english/advisories/2008/0083 (Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://rhn.redhat.com/errata/RHSA-2006-0609.html (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2006-0611.html (Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10745
- http://securitytracker.com/id?1016587
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
- http://www.securityfocus.com/archive/1/441332/100/0/threaded
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://www.securityfocus.com/bid/19192 (Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability; Patch)
- http://securitytracker.com/id?1016586
- https://issues.rpath.com/browse/RPL-536
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://www.redhat.com/support/errata/RHSA-2006-0608.html (Vendor Advisory)
- https://usn.ubuntu.com/327-1/
- http://www.mozilla.org/security/announce/2006/mfsa2006-45.html (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39998
- http://security.gentoo.org/glsa/glsa-200608-02.xml
- http://www.vupen.com/english/advisories/2006/3748 (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2006-0594.html (Vendor Advisory)
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-06-025.html (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/670060 (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/19181
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
Products affected by CVE-2006-3677
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*