Vulnerability Details : CVE-2006-3811
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2006-3811
Probability of exploitation activity in the next 30 days: 68.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
CVSS scores for CVE-2006-3811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2006-3811
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html (US Government Resource)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://www.ubuntu.com/usn/usn-354-1
- http://www.vupen.com/english/advisories/2006/2998
- http://www.ubuntu.com/usn/usn-361-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9934
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2008/0083
- http://www.debian.org/security/2006/dsa-1161
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://www.ubuntu.com/usn/usn-350-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27992
- http://www.mozilla.org/security/announce/2006/mfsa2006-55.html (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
- http://securitytracker.com/id?1016587
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
- http://securitytracker.com/id?1016588
- https://usn.ubuntu.com/329-1/
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc (Vendor Advisory)
- http://securitytracker.com/id?1016586
- https://issues.rpath.com/browse/RPL-536
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
- https://usn.ubuntu.com/327-1/
- http://www.kb.cert.org/vuls/id/527676 (US Government Resource)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1
- http://security.gentoo.org/glsa/glsa-200608-02.xml
- http://security.gentoo.org/glsa/glsa-200608-04.xml
- http://www.vupen.com/english/advisories/2006/3748
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- https://issues.rpath.com/browse/RPL-537
- http://www.vupen.com/english/advisories/2007/2350
- http://www.securityfocus.com/bid/19181
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
Products affected by CVE-2006-3811
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*