CVE-2006-3812

Severity

26%

Complexity

49%

Confidentiality

48%

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).

Overview

Type

Mozilla

First reported 18 years ago

2006-07-29 00:04:00

Last updated 6 years ago

2018-10-17 21:31:00

Affected Software

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0 beta

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5 Beta 2

1.5

Mozilla Thunderbird 1.5.0.2

1.5.0.2

Mozilla Thunderbird 1.5.0.4

1.5.0.4

References

20060703-01-P

RHSA-2006:0609

19873

Patch, Vendor Advisory

21216

Patch, Vendor Advisory

21229

Patch, Vendor Advisory

21243

21246

21262

21270

21275

21336

21343

21361

21529

21532

21607

21631

22055

22066

22210

GLSA-200608-02

GLSA-200608-04

1016586

Patch

1016587

Patch

GLSA-200608-03

VU#398492

US Government Resource

MDKSA-2006:143

MDKSA-2006:145

MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-56.html

SUSE-SA:2006:048

RHSA-2006:0594

RHSA-2006:0608

RHSA-2006:0610

20060727 rPSA-2006-0137-1 firefox

SSRT061181

19181

Patch

USN-350-1

USN-354-1

ADV-2006-3748

ADV-2008-0083

mozilla-chrome-information-disclosure(27993)

https://issues.rpath.com/browse/RPL-536

Patch

oval:org.mitre.oval:def:11013

USN-327-1

USN-329-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.