CVSS: 7.5EPSS: 64%CPEs: 12EXPL: 0CVE-2006-3811
https://notcve.org/view.php?id=CVE-2006-3811
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context. Múltiples vulnerabilidades en Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos provocar denegación de servicio (caida) y posiblemente ejecutar código a través de JavaScript que conducen a un corrupción de memoria, incluyendo (1) nsListControlFrame::FireMenuItemActiveEvent, (2) desbordamiento de búfer en la clase string en condiciones fuera de memoria, (3) fila de tabla y grupos de columnas, (4) "selectores anónimos de caja fuera del estilo del UA," (5)referencias pasadas a "nodos borrados", y (6) ejecutando la segunda prueba crypto.generateCRMFRequest sobre un contexto borrado. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x •
CVSS: 5.0EPSS: 37%CPEs: 7EXPL: 0CVE-2006-3804
https://notcve.org/view.php?id=CVE-2006-3804
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. Desbordamiento de búfer basado en pila en Mozilla Thunderbird anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos provocar denegación de servicio (caida) a través de una adjunto Vcard con un campo base64 mal formado, lo cual copia más datos que los esperados llevando consigo a un desbordamiento inferior de entero. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories/21275 http://secunia.com/advisories/21336 http://secunia.com/advisories/21343 http://secunia.com/advisories&#x •
CVSS: 5.1EPSS: 96%CPEs: 12EXPL: 0CVE-2006-3803
https://notcve.org/view.php?id=CVE-2006-3803
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. Condición de carrera en el colector de basura JavaSCript en Mozilla Firefox 1.5 anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 podría permitir a atacantes remotos ejecutar código de su elección provocando que el colector de basura borra variables temporales mientras todavía se está utilizando durante la creación de un nuevo objeto de la función. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x •
CVSS: 7.5EPSS: 97%CPEs: 12EXPL: 0CVE-2006-3806
https://notcve.org/view.php?id=CVE-2006-3806
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." Múltiples desbordamientos de búfer de enteros en el motor JavaScript en Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 podrían permitir a atacantes remotos ejecutar código de su elección a través de vectores que afectan a (1) cadena en el método toSource del objeto, objetos Array y String, y (2)"argumentos de cadenas de función" no especificadas. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 59%CPEs: 12EXPL: 0CVE-2006-3807
https://notcve.org/view.php?id=CVE-2006-3807
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. Mozilla Firefox anterior a 1.5.0.5, Thunderbird anterior a 1.5.0.5, y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar código de su elección a través de la secuencia de comandos que cambian el constructor Object() estandar para retornar a la referencia a un objeto privilegiado y la llamada a las "funciones JavaScript" que usa el constructor. • ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21243 http://secunia.com/advisories/21246 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21269 http://secunia.com/advisories&#x •