CVE-2006-3809
First published: Thu Jul 27 2006(Updated: )
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.0.1 | |
| Firefox | =1.5.0.3 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =1.5 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Firefox | =1.5.0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
- https://issues.rpath.com/browse/RPL-536
- http://www.securityfocus.com/bid/19181
- http://securitytracker.com/id?1016586
- http://securitytracker.com/id?1016587
- http://securitytracker.com/id?1016588
- http://secunia.com/advisories/19873
- http://secunia.com/advisories/21216
- http://secunia.com/advisories/21228
- http://secunia.com/advisories/21229
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
- http://secunia.com/advisories/21246
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
- http://secunia.com/advisories/21243
- http://secunia.com/advisories/21269
- http://secunia.com/advisories/21270
- http://secunia.com/advisories/21275
- http://security.gentoo.org/glsa/glsa-200608-02.xml
- http://security.gentoo.org/glsa/glsa-200608-04.xml
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/21336
- http://secunia.com/advisories/21358
- http://secunia.com/advisories/21361
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
- https://issues.rpath.com/browse/RPL-537
- http://secunia.com/advisories/21250
- http://secunia.com/advisories/21262
- http://secunia.com/advisories/21343
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://secunia.com/advisories/21529
- http://secunia.com/advisories/21532
- http://secunia.com/advisories/21607
- http://www.debian.org/security/2006/dsa-1159
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://secunia.com/advisories/21631
- http://secunia.com/advisories/21654
- http://www.debian.org/security/2006/dsa-1160
- http://www.debian.org/security/2006/dsa-1161
- http://secunia.com/advisories/21634
- http://secunia.com/advisories/21675
- http://www.ubuntu.com/usn/usn-350-1
- http://www.ubuntu.com/usn/usn-354-1
- http://secunia.com/advisories/22055
- http://secunia.com/advisories/22210
- http://www.ubuntu.com/usn/usn-361-1
- http://secunia.com/advisories/22342
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://secunia.com/advisories/22065
- http://secunia.com/advisories/22066
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2006/2998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27990
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753
- https://usn.ubuntu.com/329-1/
- https://usn.ubuntu.com/327-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3809?
CVE-2006-3809 is classified as a medium severity vulnerability due to the potential for unauthorized code execution and data exposure.
How do I fix CVE-2006-3809?
To fix CVE-2006-3809, upgrade Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version, specifically versions 1.5.0.5 or later for Firefox and Thunderbird, and 1.0.3 or later for SeaMonkey.
What does CVE-2006-3809 affect?
CVE-2006-3809 affects specific versions of Mozilla Firefox, Thunderbird, and SeaMonkey, particularly those prior to 1.5.0.5 and 1.0.3 respectively.
What type of attack is possible with CVE-2006-3809?
An attacker can use CVE-2006-3809 to exploit the vulnerability and execute arbitrary code or access sensitive information due to inappropriate privilege escalation.
Who is affected by CVE-2006-3809?
Users of Mozilla Firefox, Thunderbird, and SeaMonkey versions earlier than the specified patched versions are at risk from CVE-2006-3809.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.1
- canonical/firefox
- version/firefox/1.5.0.3
- version/mozilla seamonkey/1.0
- version/firefox/1.5
- version/mozilla seamonkey/1.0.2
- canonical/thunderbird
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/firefox/1.5.0.2
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/thunderbird/1.5.0.4