CVE - CVE-2006-3807

CVE-ID
CVE-2006-3807	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016586 URL:http://securitytracker.com/id?1016586 MISC:1016587 URL:http://securitytracker.com/id?1016587 MISC:1016588 URL:http://securitytracker.com/id?1016588 MISC:102763 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1~~ (Obsolete source) MISC:19181 URL:http://www.securityfocus.com/bid/19181 MISC:19873 URL:http://secunia.com/advisories/19873 MISC:20060703-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc MISC:20060727 rPSA-2006-0137-1 firefox URL:http://www.securityfocus.com/archive/1/441333/100/0/threaded MISC:21216 URL:http://secunia.com/advisories/21216 MISC:21228 URL:http://secunia.com/advisories/21228 MISC:21229 URL:http://secunia.com/advisories/21229 MISC:21243 URL:http://secunia.com/advisories/21243 MISC:21246 URL:http://secunia.com/advisories/21246 MISC:21250 URL:http://secunia.com/advisories/21250 MISC:21262 URL:http://secunia.com/advisories/21262 MISC:21269 URL:http://secunia.com/advisories/21269 MISC:21270 URL:http://secunia.com/advisories/21270 MISC:21275 URL:http://secunia.com/advisories/21275 MISC:21336 URL:http://secunia.com/advisories/21336 MISC:21343 URL:http://secunia.com/advisories/21343 MISC:21358 URL:http://secunia.com/advisories/21358 MISC:21361 URL:http://secunia.com/advisories/21361 MISC:21529 URL:http://secunia.com/advisories/21529 MISC:21532 URL:http://secunia.com/advisories/21532 MISC:21607 URL:http://secunia.com/advisories/21607 MISC:21631 URL:http://secunia.com/advisories/21631 MISC:21634 URL:http://secunia.com/advisories/21634 MISC:21654 URL:http://secunia.com/advisories/21654 MISC:21675 URL:http://secunia.com/advisories/21675 MISC:22055 URL:http://secunia.com/advisories/22055 MISC:22065 URL:http://secunia.com/advisories/22065 MISC:22066 URL:http://secunia.com/advisories/22066 MISC:22210 URL:http://secunia.com/advisories/22210 MISC:22342 URL:http://secunia.com/advisories/22342 MISC:ADV-2006-2998 URL:~~http://www.vupen.com/english/advisories/2006/2998~~ (Obsolete source) MISC:ADV-2006-3748 URL:~~http://www.vupen.com/english/advisories/2006/3748~~ (Obsolete source) MISC:ADV-2006-3749 URL:~~http://www.vupen.com/english/advisories/2006/3749~~ (Obsolete source) MISC:ADV-2007-0058 URL:~~http://www.vupen.com/english/advisories/2007/0058~~ (Obsolete source) MISC:ADV-2008-0083 URL:~~http://www.vupen.com/english/advisories/2008/0083~~ (Obsolete source) MISC:DSA-1159 URL:http://www.debian.org/security/2006/dsa-1159 MISC:DSA-1160 URL:http://www.debian.org/security/2006/dsa-1160 MISC:DSA-1161 URL:http://www.debian.org/security/2006/dsa-1161 MISC:GLSA-200608-02 URL:http://security.gentoo.org/glsa/glsa-200608-02.xml MISC:GLSA-200608-03 URL:http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml MISC:GLSA-200608-04 URL:http://security.gentoo.org/glsa/glsa-200608-04.xml MISC:HPSBUX02153 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded MISC:HPSBUX02156 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded MISC:MDKSA-2006:143 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:143~~ (Obsolete source) MISC:MDKSA-2006:145 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:145~~ (Obsolete source) MISC:MDKSA-2006:146 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:146~~ (Obsolete source) MISC:RHSA-2006:0594 URL:http://www.redhat.com/support/errata/RHSA-2006-0594.html MISC:RHSA-2006:0608 URL:http://www.redhat.com/support/errata/RHSA-2006-0608.html MISC:RHSA-2006:0609 URL:http://rhn.redhat.com/errata/RHSA-2006-0609.html MISC:RHSA-2006:0610 URL:http://www.redhat.com/support/errata/RHSA-2006-0610.html MISC:RHSA-2006:0611 URL:http://www.redhat.com/support/errata/RHSA-2006-0611.html MISC:SSRT061181 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded MISC:SSRT061236 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded MISC:SUSE-SA:2006:048 URL:http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html MISC:TA06-208A URL:http://www.us-cert.gov/cas/techalerts/TA06-208A.html MISC:USN-327-1 URL:https://usn.ubuntu.com/327-1/ MISC:USN-329-1 URL:https://usn.ubuntu.com/329-1/ MISC:USN-350-1 URL:http://www.ubuntu.com/usn/usn-350-1 MISC:USN-354-1 URL:http://www.ubuntu.com/usn/usn-354-1 MISC:USN-361-1 URL:http://www.ubuntu.com/usn/usn-361-1 MISC:VU#687396 URL:http://www.kb.cert.org/vuls/id/687396 MISC:http://www.mozilla.org/security/announce/2006/mfsa2006-51.html URL:http://www.mozilla.org/security/announce/2006/mfsa2006-51.html MISC:https://issues.rpath.com/browse/RPL-536 URL:https://issues.rpath.com/browse/RPL-536 MISC:https://issues.rpath.com/browse/RPL-537 URL:https://issues.rpath.com/browse/RPL-537 MISC:mozilla-js-constructor-code-execution(27988) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27988 MISC:oval:org.mitre.oval:def:10374 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374
Assigning CNA
Red Hat, Inc.
Date Record Created
20060724	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060724)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)