CVE-2006-3810: XSS
First published: Thu Jul 27 2006(Updated: )
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =1.0.1 | |
| Firefox | =1.5.0.3 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =1.5 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Firefox | =1.5.0.2 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
- https://issues.rpath.com/browse/RPL-536
- http://www.securityfocus.com/bid/19181
- http://securitytracker.com/id?1016586
- http://securitytracker.com/id?1016587
- http://securitytracker.com/id?1016588
- http://secunia.com/advisories/19873
- http://secunia.com/advisories/21216
- http://secunia.com/advisories/21228
- http://secunia.com/advisories/21229
- http://www.redhat.com/support/errata/RHSA-2006-0608.html
- http://secunia.com/advisories/21246
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
- http://www.kb.cert.org/vuls/id/911004
- http://secunia.com/advisories/21243
- http://secunia.com/advisories/21269
- http://secunia.com/advisories/21270
- http://secunia.com/advisories/21275
- http://security.gentoo.org/glsa/glsa-200608-02.xml
- http://security.gentoo.org/glsa/glsa-200608-04.xml
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/21336
- http://secunia.com/advisories/21358
- http://secunia.com/advisories/21361
- http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
- https://issues.rpath.com/browse/RPL-537
- http://secunia.com/advisories/21250
- http://secunia.com/advisories/21262
- http://secunia.com/advisories/21343
- http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
- http://secunia.com/advisories/21529
- http://secunia.com/advisories/21532
- http://secunia.com/advisories/21607
- http://www.debian.org/security/2006/dsa-1159
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://secunia.com/advisories/21631
- http://secunia.com/advisories/21654
- http://www.debian.org/security/2006/dsa-1160
- http://secunia.com/advisories/21634
- http://www.ubuntu.com/usn/usn-350-1
- http://www.ubuntu.com/usn/usn-354-1
- http://secunia.com/advisories/22055
- http://secunia.com/advisories/22210
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://secunia.com/advisories/22065
- http://secunia.com/advisories/22066
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2006/2998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27991
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10113
- https://usn.ubuntu.com/329-1/
- https://usn.ubuntu.com/327-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/441333/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3810?
CVE-2006-3810 is considered a moderate severity vulnerability that can lead to cross-site scripting (XSS) attacks.
How do I fix CVE-2006-3810?
To fix CVE-2006-3810, upgrade to Mozilla Firefox version 1.5.0.5, Thunderbird version 1.5.0.5, or SeaMonkey version 1.0.3 or later.
What software versions are affected by CVE-2006-3810?
CVE-2006-3810 affects Mozilla Firefox versions 1.5 and earlier, Thunderbird versions 1.5 and earlier, and SeaMonkey versions 1.0.2 and earlier.
What is a cross-site scripting (XSS) vulnerability in the context of CVE-2006-3810?
A cross-site scripting (XSS) vulnerability like CVE-2006-3810 allows attackers to inject malicious scripts into web pages viewed by users.
Can CVE-2006-3810 be exploited remotely?
Yes, CVE-2006-3810 can be exploited remotely by attackers to execute arbitrary web scripts or HTML in the victim's browser.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0.1
- canonical/firefox
- version/firefox/1.5.0.3
- version/mozilla seamonkey/1.0
- version/firefox/1.5
- version/mozilla seamonkey/1.0.2
- canonical/thunderbird
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/firefox/1.5.0.2
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/thunderbird/1.5.0.4