CVE-2006-3811

Severity

75%

Complexity

99%

Confidentiality

106%

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 18 years ago

2006-07-27 20:04:00

Last updated 6 years ago

2018-10-17 21:31:00

Affected Software

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5.0.2

1.5.0.2

Mozilla Thunderbird 1.5.0.4

1.5.0.4

References

20060703-01-P

Vendor Advisory

RHSA-2006:0609

19873

Patch, Vendor Advisory

21216

Patch, Vendor Advisory

21228

Patch, Vendor Advisory

21229

Patch, Vendor Advisory

21243

21246

21250

Vendor Advisory

21262

Vendor Advisory

21269

21270

21275

21336

Vendor Advisory

21343

Vendor Advisory

21358

Vendor Advisory

21361

Vendor Advisory

21529

Vendor Advisory

21532

21607

21631

21675

22055

22065

22066

22210

22342

25839

GLSA-200608-02

GLSA-200608-04

1016586

1016587

1016588

102971

DSA-1161

GLSA-200608-03

VU#527676

US Government Resource

MDKSA-2006:143

MDKSA-2006:145

MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-55.html

Vendor Advisory

SUSE-SA:2006:048

RHSA-2006:0594

RHSA-2006:0608

RHSA-2006:0610

RHSA-2006:0611

20060727 rPSA-2006-0137-1 firefox

SSRT061236

SSRT061181

19181

Patch

USN-350-1

USN-354-1

USN-361-1

TA06-208A

US Government Resource

ADV-2006-2998

ADV-2006-3748

ADV-2006-3749

ADV-2007-2350

ADV-2008-0083

mozilla-multiple-memory-corruption(27992)

https://issues.rpath.com/browse/RPL-536

https://issues.rpath.com/browse/RPL-537

oval:org.mitre.oval:def:9934

USN-327-1

USN-329-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.