First published: Thu Jul 27 2006(Updated: )
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Firefox | =1.5 | |
Firefox | =1.5.0.1 | |
Firefox | =1.5.0.2 | |
Firefox | =1.5.0.3 | |
Firefox | =1.5.0.4 | |
Mozilla SeaMonkey | =1.0 | |
Mozilla SeaMonkey | =1.0 | |
Mozilla SeaMonkey | =1.0.1 | |
Mozilla SeaMonkey | =1.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-3801 is considered a moderate severity vulnerability.
To fix CVE-2006-3801, upgrade to Mozilla Firefox version 1.5.0.5 or, for SeaMonkey, version 1.0.3 or later.
Mozilla Firefox versions 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, and 1.5.0.4 are all vulnerable to CVE-2006-3801.
SeaMonkey versions 1.0, 1.0.1, and 1.0.2 are affected by CVE-2006-3801.
Yes, CVE-2006-3801 allows remote attackers to execute arbitrary native code under certain conditions.