CVE-2006-3806
UnknownEPSS 5.36%
Last modified
CVE-2006-3806 is a vulnerability of currently unknown severity. Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments.". EPSS estimates a 5.36% chance of exploitation in the next 30 days.
Description
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.5 |
| Mozilla | Firefox | 1.5.0.1 |
| Mozilla | Firefox | 1.5.0.2 |
| Mozilla | Firefox | 1.5.0.3 |
| Mozilla | Firefox | 1.5.0.4 |
| Mozilla | Seamonkey | 1.0 |
| Mozilla | Seamonkey | 1.0.1 |
| Mozilla | Seamonkey | 1.0.2 |
| Mozilla | Thunderbird | 1.5 |
| Mozilla | Thunderbird | 1.5.0.2 |
| Mozilla | Thunderbird | 1.5.0.4 |
References
- http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
- http://secunia.com/advisories/19873Patch, Vendor Advisory
- http://secunia.com/advisories/21216Patch, Vendor Advisory
- http://secunia.com/advisories/21228Patch, Vendor Advisory
- http://secunia.com/advisories/21229Patch, Vendor Advisory
- http://secunia.com/advisories/21243Vendor Advisory
- http://secunia.com/advisories/21246Vendor Advisory
- http://secunia.com/advisories/21250Vendor Advisory
- http://secunia.com/advisories/21262Vendor Advisory
- http://secunia.com/advisories/21269Vendor Advisory
- http://secunia.com/advisories/21270Vendor Advisory
- http://secunia.com/advisories/21275Vendor Advisory
- http://secunia.com/advisories/21336Vendor Advisory
- http://secunia.com/advisories/21343Vendor Advisory
- http://secunia.com/advisories/21358Vendor Advisory
- http://secunia.com/advisories/21361Vendor Advisory
- http://secunia.com/advisories/21529Vendor Advisory
- http://secunia.com/advisories/21532Vendor Advisory
- http://secunia.com/advisories/21607Vendor Advisory
- http://secunia.com/advisories/21631Vendor Advisory
- http://secunia.com/advisories/21634Vendor Advisory
- http://secunia.com/advisories/21654Vendor Advisory
- http://secunia.com/advisories/21675Vendor Advisory
- http://www.kb.cert.org/vuls/id/655892Third Party Advisory, US Government Resource
- http://www.redhat.com/support/errata/RHSA-2006-0608.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0610.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0611.htmlVendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA06-208A.htmlUS Government Resource
- http://rhn.redhat.com/errata/RHSA-2006-0609.htmlVendor Advisory
- http://secunia.com/advisories/19873Patch, Vendor Advisory
- http://secunia.com/advisories/21216Patch, Vendor Advisory
- http://secunia.com/advisories/21228Patch, Vendor Advisory
- http://secunia.com/advisories/21229Patch, Vendor Advisory
- http://secunia.com/advisories/21243Vendor Advisory
- http://secunia.com/advisories/21246Vendor Advisory
- http://secunia.com/advisories/21250Vendor Advisory
- http://secunia.com/advisories/21262Vendor Advisory
- http://secunia.com/advisories/21269Vendor Advisory
- http://secunia.com/advisories/21270Vendor Advisory
- http://secunia.com/advisories/21275Vendor Advisory
- http://secunia.com/advisories/21336Vendor Advisory
- http://secunia.com/advisories/21343Vendor Advisory
- http://secunia.com/advisories/21358Vendor Advisory
- http://secunia.com/advisories/21361Vendor Advisory
- http://secunia.com/advisories/21529Vendor Advisory
- http://secunia.com/advisories/21532Vendor Advisory
- http://secunia.com/advisories/21607Vendor Advisory
- http://secunia.com/advisories/21631Vendor Advisory
- http://secunia.com/advisories/21634Vendor Advisory
- http://secunia.com/advisories/21654Vendor Advisory
- http://secunia.com/advisories/21675Vendor Advisory
- http://www.kb.cert.org/vuls/id/655892Third Party Advisory, US Government Resource
- http://www.redhat.com/support/errata/RHSA-2006-0608.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0610.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0611.htmlVendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA06-208A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-3806?
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
How severe is CVE-2006-3806?
Severity scoring for CVE-2006-3806 is pending analysis. The EPSS model estimates a 5.36% probability of exploitation in the next 30 days.
How do I fix CVE-2006-3806?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-3806?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST