CVE-2006-3807

Published Jul 27, 2006

Last updated 6 years ago

Overview

Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55344F76-1C42-4DD8-A28B-1C33626C6FD2"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FB87608-0DF8-4729-95C5-CFA386AB3AC2"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C99BAF7-B48E-4402-B2BF-EB07235E402E"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0ADE8D7-B3C3-4490-9CD5-0263BBA75D28"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References