Vulnerability Details : CVE-2006-3806
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-3806
Probability of exploitation activity in the next 30 days: 97.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
CVSS scores for CVE-2006-3806
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2006-3806
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27987
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
- http://www.redhat.com/support/errata/RHSA-2006-0610.html (Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html (US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://www.ubuntu.com/usn/usn-354-1
- http://www.vupen.com/english/advisories/2006/2998
- http://www.ubuntu.com/usn/usn-361-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- http://www.mozilla.org/security/announce/2006/mfsa2006-50.html (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/3749
- http://www.kb.cert.org/vuls/id/655892 (Third Party Advisory; US Government Resource)
- http://www.vupen.com/english/advisories/2008/0083
- http://www.debian.org/security/2006/dsa-1161
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://www.debian.org/security/2006/dsa-1159
- http://rhn.redhat.com/errata/RHSA-2006-0609.html (Vendor Advisory)
- http://www.ubuntu.com/usn/usn-350-1
- http://www.redhat.com/support/errata/RHSA-2006-0611.html (Vendor Advisory)
- http://securitytracker.com/id?1016587
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
- http://securitytracker.com/id?1016588
- https://usn.ubuntu.com/329-1/
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://securitytracker.com/id?1016586
- http://www.debian.org/security/2006/dsa-1160
- https://issues.rpath.com/browse/RPL-536
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://www.redhat.com/support/errata/RHSA-2006-0608.html (Vendor Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
- https://usn.ubuntu.com/327-1/
- http://security.gentoo.org/glsa/glsa-200608-02.xml
- http://security.gentoo.org/glsa/glsa-200608-04.xml
- http://www.vupen.com/english/advisories/2006/3748
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- https://issues.rpath.com/browse/RPL-537
- http://www.securityfocus.com/bid/19181
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.vupen.com/english/advisories/2007/0058
Products affected by CVE-2006-3806
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*