CVE-2006-3677

Mozilla Firefox Javascript navigator Object Vulnerability

  • Severity Score: 7.5 (CVSS v2)
  • Public Exploits: 3 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The flaw exists when assigning specific values to the window.navigator object. A lack of checking on assignment causes user-supplied data to be later used in the creation of other objects, leading to eventual code execution.

*Credits: Anonymous
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-07-18 CVE Reserved
  • 2006-07-25 First Exploit
  • 2006-07-26 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-16: Configuration
References (53)
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc 2018-10-18
http://rhn.redhat.com/errata/RHSA-2006-0609.html 2018-10-18
http://secunia.com/advisories/21243 2018-10-18
http://secunia.com/advisories/21246 2018-10-18
http://secunia.com/advisories/21262 2018-10-18
http://secunia.com/advisories/21269 2018-10-18
http://secunia.com/advisories/21270 2018-10-18
http://secunia.com/advisories/21336 2018-10-18
http://secunia.com/advisories/21343 2018-10-18
http://secunia.com/advisories/21361 2018-10-18
http://secunia.com/advisories/21529 2018-10-18
http://secunia.com/advisories/21532 2018-10-18
http://secunia.com/advisories/21631 2018-10-18
http://secunia.com/advisories/22066 2018-10-18
http://secunia.com/advisories/22210 2018-10-18
http://security.gentoo.org/glsa/glsa-200608-02.xml 2018-10-18
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml 2018-10-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 2018-10-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 2018-10-18
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html 2018-10-18
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html 2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0594.html 2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0608.html 2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0610.html 2018-10-18
http://www.redhat.com/support/errata/RHSA-2006-0611.html 2018-10-18
http://www.securityfocus.com/archive/1/446658/100/200/threaded 2018-10-18
http://www.ubuntu.com/usn/usn-354-1 2018-10-18
http://www.vupen.com/english/advisories/2006/2998 2018-10-18
http://www.vupen.com/english/advisories/2006/3748 2018-10-18
http://www.vupen.com/english/advisories/2008/0083 2018-10-18
http://www.zerodayinitiative.com/advisories/ZDI-06-025.html 2018-10-18
https://usn.ubuntu.com/327-1 2018-10-18
https://access.redhat.com/security/cve/CVE-2006-3677 2006-07-29
https://bugzilla.redhat.com/show_bug.cgi?id=1618153 2006-07-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Mozilla Firefox 1.5 - Affected
Mozilla Firefox 1.5.0.1 - Affected
Mozilla Firefox 1.5.0.2 - Affected
Mozilla Firefox 1.5.0.3 - Affected
Mozilla Firefox 1.5.0.4 - Affected
Mozilla Seamonkey 1.0 - Affected
Mozilla Seamonkey 1.0 dev Affected
Mozilla Seamonkey 1.0.1 - Affected
Mozilla Seamonkey 1.0.2 - Affected