National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-3805)

National Cyber Awareness System

Vulnerability Summary for CVE-2006-3805

Original release date:07/27/2006

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.

Impact

CVSS Severity (version 2.0 upgrade from v1.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA06-208A

Name: TA06-208A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA06-208A.html

US-CERT Vulnerability Note: VU#876420

Name: VU#876420

Hyperlink:http://www.kb.cert.org/vuls/id/876420

External Source: BID

Name: 19181

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/19181

External Source: SECUNIA

Name: 21229

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21229

External Source: SECUNIA

Name: 21228

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21228

External Source: SECUNIA

Name: 21216

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21216

External Source: SECUNIA

Name: 19873

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/19873

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-537

Hyperlink:https://issues.rpath.com/browse/RPL-537

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-536

Hyperlink:https://issues.rpath.com/browse/RPL-536

External Source: XF

Name: mozilla-garbage-collection-object-deletion(27986)

Hyperlink:http://xforce.iss.net/xforce/xfdb/27986

External Source: VUPEN

Name: ADV-2008-0083

Hyperlink:http://www.vupen.com/english/advisories/2008/0083

External Source: VUPEN

Name: ADV-2006-3749

Hyperlink:http://www.vupen.com/english/advisories/2006/3749

External Source: VUPEN

Name: ADV-2006-3748

Hyperlink:http://www.vupen.com/english/advisories/2006/3748

External Source: VUPEN

Name: ADV-2006-2998

Hyperlink:http://www.vupen.com/english/advisories/2006/2998

External Source: UBUNTU

Name: USN-329-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-329-1

External Source: UBUNTU

Name: USN-327-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-327-1

External Source: HP

Name: SSRT061181

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded

External Source: HP

Name: HPSBUX02156

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded

External Source: BUGTRAQ

Name: 20060727 rPSA-2006-0137-1 firefox

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded

External Source: REDHAT

Name: RHSA-2006:0611

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0611.html

External Source: REDHAT

Name: RHSA-2006:0610

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0610.html

External Source: REDHAT

Name: RHSA-2006:0608

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0608.html

External Source: SUSE

Name: SUSE-SA:2006:048

Hyperlink:http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2006/mfsa2006-50.html

Type: Advisory

Hyperlink:http://www.mozilla.org/security/announce/2006/mfsa2006-50.html

External Source: GENTOO

Name: GLSA-200608-03

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml

External Source: SECTRACK

Name: 1016588

Hyperlink:http://securitytracker.com/id?1016588

External Source: SECTRACK

Name: 1016587

Hyperlink:http://securitytracker.com/id?1016587

External Source: SECTRACK

Name: 1016586

Hyperlink:http://securitytracker.com/id?1016586

External Source: GENTOO

Name: GLSA-200608-04

Hyperlink:http://security.gentoo.org/glsa/glsa-200608-04.xml

External Source: GENTOO

Name: GLSA-200608-02

Hyperlink:http://security.gentoo.org/glsa/glsa-200608-02.xml

External Source: SECUNIA

Name: 21607

Hyperlink:http://secunia.com/advisories/21607

External Source: SECUNIA

Name: 21532

Hyperlink:http://secunia.com/advisories/21532

External Source: SECUNIA

Name: 21529

Hyperlink:http://secunia.com/advisories/21529

External Source: SECUNIA

Name: 21361

Hyperlink:http://secunia.com/advisories/21361

External Source: SECUNIA

Name: 21358

Hyperlink:http://secunia.com/advisories/21358

External Source: SECUNIA

Name: 21343

Hyperlink:http://secunia.com/advisories/21343

External Source: SECUNIA

Name: 21336

Hyperlink:http://secunia.com/advisories/21336

External Source: SECUNIA

Name: 21275

Hyperlink:http://secunia.com/advisories/21275

External Source: SECUNIA

Name: 21270

Hyperlink:http://secunia.com/advisories/21270

External Source: SECUNIA

Name: 21269

Hyperlink:http://secunia.com/advisories/21269

External Source: SECUNIA

Name: 21262

Hyperlink:http://secunia.com/advisories/21262

External Source: SECUNIA

Name: 21250

Hyperlink:http://secunia.com/advisories/21250

External Source: SECUNIA

Name: 21246

Hyperlink:http://secunia.com/advisories/21246

External Source: SECUNIA

Name: 21243

Hyperlink:http://secunia.com/advisories/21243

External Source: REDHAT

Name: RHSA-2006:0609

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0609.html

External Source: OVAL

Name: oval:org.mitre.oval:def:10690

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10690

External Source: SGI

Name: 20060703-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

External Source: UBUNTU

Name: USN-361-1

Hyperlink:http://www.ubuntu.com/usn/usn-361-1

External Source: UBUNTU

Name: USN-354-1

Hyperlink:http://www.ubuntu.com/usn/usn-354-1

External Source: UBUNTU

Name: USN-350-1

Hyperlink:http://www.ubuntu.com/usn/usn-350-1

External Source: HP

Name: SSRT061181

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded

External Source: HP

Name: SSRT061236

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded

External Source: REDHAT

Name: RHSA-2006:0594

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0594.html

External Source: MANDRIVA

Name: MDKSA-2006:146

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

External Source: MANDRIVA

Name: MDKSA-2006:145

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

External Source: MANDRIVA

Name: MDKSA-2006:143

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

External Source: DEBIAN

Name: DSA-1161

Hyperlink:http://www.debian.org/security/2006/dsa-1161

External Source: DEBIAN

Name: DSA-1160

Hyperlink:http://www.debian.org/security/2006/dsa-1160

External Source: DEBIAN

Name: DSA-1159

Hyperlink:http://www.debian.org/security/2006/dsa-1159

External Source: SUNALERT

Name: 102763

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1

External Source: SECUNIA

Name: 22342

Hyperlink:http://secunia.com/advisories/22342

External Source: SECUNIA

Name: 22210

Hyperlink:http://secunia.com/advisories/22210

External Source: SECUNIA

Name: 22066

Hyperlink:http://secunia.com/advisories/22066

External Source: SECUNIA

Name: 22065

Hyperlink:http://secunia.com/advisories/22065

External Source: SECUNIA

Name: 22055

Hyperlink:http://secunia.com/advisories/22055

External Source: SECUNIA

Name: 21675

Hyperlink:http://secunia.com/advisories/21675

External Source: SECUNIA

Name: 21654

Hyperlink:http://secunia.com/advisories/21654

External Source: SECUNIA

Name: 21634

Hyperlink:http://secunia.com/advisories/21634

External Source: SECUNIA

Name: 21631

Hyperlink:http://secunia.com/advisories/21631

References to Check Content

Identifier:oval:org.mitre.oval:def:10690

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10690

Vulnerable software and versions

Configuration 1

* cpe:/a:mozilla:firefox:1.5

* cpe:/a:mozilla:firefox:1.5.0.1

* cpe:/a:mozilla:firefox:1.5.0.2

* cpe:/a:mozilla:firefox:1.5.0.3

* cpe:/a:mozilla:firefox:1.5.0.4

* cpe:/a:mozilla:seamonkey:1.0

* cpe:/a:mozilla:seamonkey:1.0.1

* cpe:/a:mozilla:seamonkey:1.0.2

* cpe:/a:mozilla:seamonkey:1.0::dev

* cpe:/a:mozilla:thunderbird:1.5

* cpe:/a:mozilla:thunderbird:1.5.0.2

* cpe:/a:mozilla:thunderbird:1.5.0.4

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3805