CVE-2006-3677

Severity

75%

Complexity

99%

Confidentiality

106%

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 18 years ago

2006-07-27 19:04:00

Last updated 6 years ago

2018-10-18 16:48:00

Affected Software

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

References

20060703-01-P

RHSA-2006:0609

Vendor Advisory

19873

Patch, Vendor Advisory

21216

Patch, Vendor Advisory

21229

Patch, Vendor Advisory

21243

Vendor Advisory

21246

Vendor Advisory

21262

Vendor Advisory

21269

Vendor Advisory

21270

Vendor Advisory

21336

Vendor Advisory

21343

Vendor Advisory

21361

Vendor Advisory

21529

Vendor Advisory

21532

Vendor Advisory

21631

Vendor Advisory

22066

Vendor Advisory

22210

Vendor Advisory

GLSA-200608-02

1016586

1016587

GLSA-200608-03

VU#670060

Third Party Advisory, US Government Resource

MDKSA-2006:143

MDKSA-2006:145

http://www.mozilla.org/security/announce/2006/mfsa2006-45.html

Vendor Advisory

SUSE-SA:2006:048

RHSA-2006:0594

Vendor Advisory

RHSA-2006:0608

Vendor Advisory

RHSA-2006:0610

Vendor Advisory

RHSA-2006:0611

Vendor Advisory

20060726 ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability

20060727 rPSA-2006-0137-1 firefox

SSRT061181

19181

19192

Patch

USN-354-1

TA06-208A

US Government Resource

ADV-2006-2998

Vendor Advisory

ADV-2006-3748

Vendor Advisory

ADV-2008-0083

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-06-025.html

Vendor Advisory

mozilla-javascript-navigator-code-excecution(27981)

iphone-mobilesafari-dos(39998)

https://issues.rpath.com/browse/RPL-536

oval:org.mitre.oval:def:10745

USN-327-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.