CVE-2006-3806: Integer Overflow
First published: Thu Jul 27 2006(Updated: )
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.0.1 | |
| Firefox | =1.5.0.3 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =1.5 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Firefox | =1.5.0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
- http://www.kb.cert.org/vuls/id/655892
- https://issues.rpath.com/browse/RPL-536
- http://www.securityfocus.com/bid/19181
- http://securitytracker.com/id?1016586
- http://securitytracker.com/id?1016587
- http://securitytracker.com/id?1016588
- http://secunia.com/advisories/19873
- http://secunia.com/advisories/21216
- http://secunia.com/advisories/21228
- http://secunia.com/advisories/21229
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
- http://www.us-cert.gov/cas/techalerts/TA06-208A.html
- http://secunia.com/advisories/21246
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
- http://secunia.com/advisories/21243
- http://secunia.com/advisories/21269
- http://secunia.com/advisories/21270
- http://secunia.com/advisories/21275
- http://security.gentoo.org/glsa/glsa-200608-02.xml
- http://security.gentoo.org/glsa/glsa-200608-04.xml
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/21336
- http://secunia.com/advisories/21358
- http://secunia.com/advisories/21361
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
- https://issues.rpath.com/browse/RPL-537
- http://secunia.com/advisories/21250
- http://secunia.com/advisories/21262
- http://secunia.com/advisories/21343
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://secunia.com/advisories/21529
- http://secunia.com/advisories/21532
- http://secunia.com/advisories/21607
- http://www.debian.org/security/2006/dsa-1159
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://secunia.com/advisories/21631
- http://secunia.com/advisories/21654
- http://www.debian.org/security/2006/dsa-1160
- http://www.debian.org/security/2006/dsa-1161
- http://secunia.com/advisories/21634
- http://secunia.com/advisories/21675
- http://www.ubuntu.com/usn/usn-350-1
- http://www.ubuntu.com/usn/usn-354-1
- http://secunia.com/advisories/22055
- http://secunia.com/advisories/22210
- http://www.ubuntu.com/usn/usn-361-1
- http://secunia.com/advisories/22342
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://secunia.com/advisories/22065
- http://secunia.com/advisories/22066
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2007/0058
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2006/2998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27987
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
- https://usn.ubuntu.com/329-1/
- https://usn.ubuntu.com/327-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3806?
CVE-2006-3806 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2006-3806?
To fix CVE-2006-3806, users should update their Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version that addresses this vulnerability.
Which software versions are affected by CVE-2006-3806?
CVE-2006-3806 affects Mozilla Firefox versions prior to 1.5.0.5, Mozilla Thunderbird versions prior to 1.5.0.5, and SeaMonkey versions prior to 1.0.3.
Can CVE-2006-3806 be exploited remotely?
Yes, CVE-2006-3806 can be exploited remotely by attackers to execute arbitrary code on a vulnerable system.
Is there a workaround for CVE-2006-3806?
There are no effective workarounds for CVE-2006-3806; the recommended action is to update to a secure version.
- agent/type
- agent/references
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.1
- canonical/firefox
- version/firefox/1.5.0.3
- version/mozilla seamonkey/1.0
- version/firefox/1.5
- version/mozilla seamonkey/1.0.2
- canonical/thunderbird
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/firefox/1.5.0.2
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/thunderbird/1.5.0.4