CVE-2006-3677

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

• CWE-16

• ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
• http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
• http://secunia.com/advisories/19873Patch, Vendor Advisory
• http://secunia.com/advisories/21216Patch, Vendor Advisory
• http://secunia.com/advisories/21229Patch, Vendor Advisory
• http://secunia.com/advisories/21243Vendor Advisory
• http://secunia.com/advisories/21246Vendor Advisory
• http://secunia.com/advisories/21262Vendor Advisory
• http://secunia.com/advisories/21269Vendor Advisory
• http://secunia.com/advisories/21270Vendor Advisory
• http://secunia.com/advisories/21336Vendor Advisory
• http://secunia.com/advisories/21343Vendor Advisory
• http://secunia.com/advisories/21361Vendor Advisory
• http://secunia.com/advisories/21529Vendor Advisory
• http://secunia.com/advisories/21532Vendor Advisory
• http://secunia.com/advisories/21631Vendor Advisory
• http://secunia.com/advisories/22066Vendor Advisory
• http://secunia.com/advisories/22210Vendor Advisory
• http://security.gentoo.org/glsa/glsa-200608-02.xml
• http://securitytracker.com/id?1016586
• http://securitytracker.com/id?1016587
• http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
• http://www.kb.cert.org/vuls/id/670060Third Party Advisory, US Government Resource
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
• http://www.mozilla.org/security/announce/2006/mfsa2006-45.htmlVendor Advisory
• http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
• http://www.redhat.com/support/errata/RHSA-2006-0594.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0608.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0610.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0611.htmlVendor Advisory
• http://www.securityfocus.com/archive/1/441332/100/0/threaded
• http://www.securityfocus.com/archive/1/441333/100/0/threaded
• http://www.securityfocus.com/archive/1/446658/100/200/threaded
• http://www.securityfocus.com/bid/19181
• http://www.securityfocus.com/bid/19192Patch
• http://www.ubuntu.com/usn/usn-354-1
• http://www.us-cert.gov/cas/techalerts/TA06-208A.htmlUS Government Resource
• http://www.vupen.com/english/advisories/2006/2998Vendor Advisory
• http://www.vupen.com/english/advisories/2006/3748Vendor Advisory
• http://www.vupen.com/english/advisories/2008/0083Vendor Advisory
• http://www.zerodayinitiative.com/advisories/ZDI-06-025.htmlVendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27981
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39998
• https://issues.rpath.com/browse/RPL-536
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10745
• https://usn.ubuntu.com/327-1/
• ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
• http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
• http://secunia.com/advisories/19873Patch, Vendor Advisory
• http://secunia.com/advisories/21216Patch, Vendor Advisory
• http://secunia.com/advisories/21229Patch, Vendor Advisory
• http://secunia.com/advisories/21243Vendor Advisory
• http://secunia.com/advisories/21246Vendor Advisory
• http://secunia.com/advisories/21262Vendor Advisory
• http://secunia.com/advisories/21269Vendor Advisory
• http://secunia.com/advisories/21270Vendor Advisory
• http://secunia.com/advisories/21336Vendor Advisory
• http://secunia.com/advisories/21343Vendor Advisory
• http://secunia.com/advisories/21361Vendor Advisory
• http://secunia.com/advisories/21529Vendor Advisory
• http://secunia.com/advisories/21532Vendor Advisory
• http://secunia.com/advisories/21631Vendor Advisory
• http://secunia.com/advisories/22066Vendor Advisory
• http://secunia.com/advisories/22210Vendor Advisory
• http://security.gentoo.org/glsa/glsa-200608-02.xml
• http://securitytracker.com/id?1016586
• http://securitytracker.com/id?1016587
• http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
• http://www.kb.cert.org/vuls/id/670060Third Party Advisory, US Government Resource
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
• http://www.mozilla.org/security/announce/2006/mfsa2006-45.htmlVendor Advisory
• http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
• http://www.redhat.com/support/errata/RHSA-2006-0594.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0608.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0610.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0611.htmlVendor Advisory
• http://www.securityfocus.com/archive/1/441332/100/0/threaded
• http://www.securityfocus.com/archive/1/441333/100/0/threaded
• http://www.securityfocus.com/archive/1/446658/100/200/threaded
• http://www.securityfocus.com/bid/19181
• http://www.securityfocus.com/bid/19192Patch
• http://www.ubuntu.com/usn/usn-354-1
• http://www.us-cert.gov/cas/techalerts/TA06-208A.htmlUS Government Resource
• http://www.vupen.com/english/advisories/2006/2998Vendor Advisory
• http://www.vupen.com/english/advisories/2006/3748Vendor Advisory
• http://www.vupen.com/english/advisories/2008/0083Vendor Advisory
• http://www.zerodayinitiative.com/advisories/ZDI-06-025.htmlVendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27981
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39998
• https://issues.rpath.com/browse/RPL-536
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10745
• https://usn.ubuntu.com/327-1/

Published

Jul 27, 2006

Last Modified

Jun 16, 2026

Status

Modified