CVE-2006-3803

Sažetak

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://rhn.redhat.com/errata/RHSA-2006-0609.html
http://secunia.com/advisories/19873
http://secunia.com/advisories/21216
http://secunia.com/advisories/21228
http://secunia.com/advisories/21229
http://secunia.com/advisories/21243
http://secunia.com/advisories/21246
http://secunia.com/advisories/21250
http://secunia.com/advisories/21262
http://secunia.com/advisories/21269
http://secunia.com/advisories/21270
http://secunia.com/advisories/21275
http://secunia.com/advisories/21336
http://secunia.com/advisories/21343
http://secunia.com/advisories/21358
http://secunia.com/advisories/21361
http://secunia.com/advisories/21529
http://secunia.com/advisories/21532
http://secunia.com/advisories/21607
http://secunia.com/advisories/21631
http://secunia.com/advisories/22055
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://secunia.com/advisories/22210
http://security.gentoo.org/glsa/glsa-200608-02.xml
http://security.gentoo.org/glsa/glsa-200608-04.xml
http://securitytracker.com/id?1016586
http://securitytracker.com/id?1016587
http://securitytracker.com/id?1016588
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
http://www.kb.cert.org/vuls/id/265964
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
http://www.redhat.com/support/errata/RHSA-2006-0594.html
http://www.redhat.com/support/errata/RHSA-2006-0608.html
http://www.redhat.com/support/errata/RHSA-2006-0610.html
http://www.redhat.com/support/errata/RHSA-2006-0611.html
http://www.securityfocus.com/archive/1/441333/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/19181
http://www.ubuntu.com/usn/usn-350-1
http://www.ubuntu.com/usn/usn-354-1
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
http://www.vupen.com/english/advisories/2006/2998
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/27984
https://issues.rpath.com/browse/RPL-536
https://issues.rpath.com/browse/RPL-537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10635
https://usn.ubuntu.com/327-1/
https://usn.ubuntu.com/329-1/

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:30

Objavljeno

27-07-2006 - 19:04