CVE - CVE-2006-3808

CVE-ID
CVE-2006-3808	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1016586 URL:http://securitytracker.com/id?1016586 MISC:1016587 URL:http://securitytracker.com/id?1016587 MISC:1016588 URL:http://securitytracker.com/id?1016588 MISC:19181 URL:http://www.securityfocus.com/bid/19181 MISC:19873 URL:http://secunia.com/advisories/19873 MISC:20060703-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc MISC:20060727 rPSA-2006-0137-1 firefox URL:http://www.securityfocus.com/archive/1/441333/100/0/threaded MISC:21216 URL:http://secunia.com/advisories/21216 MISC:21229 URL:http://secunia.com/advisories/21229 MISC:21243 URL:http://secunia.com/advisories/21243 MISC:21246 URL:http://secunia.com/advisories/21246 MISC:21250 URL:http://secunia.com/advisories/21250 MISC:21262 URL:http://secunia.com/advisories/21262 MISC:21269 URL:http://secunia.com/advisories/21269 MISC:21270 URL:http://secunia.com/advisories/21270 MISC:21336 URL:http://secunia.com/advisories/21336 MISC:21343 URL:http://secunia.com/advisories/21343 MISC:21361 URL:http://secunia.com/advisories/21361 MISC:21529 URL:http://secunia.com/advisories/21529 MISC:21532 URL:http://secunia.com/advisories/21532 MISC:21631 URL:http://secunia.com/advisories/21631 MISC:21634 URL:http://secunia.com/advisories/21634 MISC:21654 URL:http://secunia.com/advisories/21654 MISC:21675 URL:http://secunia.com/advisories/21675 MISC:22065 URL:http://secunia.com/advisories/22065 MISC:22066 URL:http://secunia.com/advisories/22066 MISC:22210 URL:http://secunia.com/advisories/22210 MISC:22342 URL:http://secunia.com/advisories/22342 MISC:ADV-2006-2998 URL:~~http://www.vupen.com/english/advisories/2006/2998~~ (Obsolete source) MISC:ADV-2006-3748 URL:~~http://www.vupen.com/english/advisories/2006/3748~~ (Obsolete source) MISC:ADV-2006-3749 URL:~~http://www.vupen.com/english/advisories/2006/3749~~ (Obsolete source) MISC:ADV-2008-0083 URL:~~http://www.vupen.com/english/advisories/2008/0083~~ (Obsolete source) MISC:DSA-1159 URL:http://www.debian.org/security/2006/dsa-1159 MISC:DSA-1160 URL:http://www.debian.org/security/2006/dsa-1160 MISC:DSA-1161 URL:http://www.debian.org/security/2006/dsa-1161 MISC:GLSA-200608-02 URL:http://security.gentoo.org/glsa/glsa-200608-02.xml MISC:GLSA-200608-03 URL:http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml MISC:HPSBUX02153 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded MISC:HPSBUX02156 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded MISC:MDKSA-2006:143 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:143~~ (Obsolete source) MISC:MDKSA-2006:145 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:145~~ (Obsolete source) MISC:RHSA-2006:0594 URL:http://www.redhat.com/support/errata/RHSA-2006-0594.html MISC:RHSA-2006:0608 URL:http://www.redhat.com/support/errata/RHSA-2006-0608.html MISC:RHSA-2006:0609 URL:http://rhn.redhat.com/errata/RHSA-2006-0609.html MISC:RHSA-2006:0610 URL:http://www.redhat.com/support/errata/RHSA-2006-0610.html MISC:RHSA-2006:0611 URL:http://www.redhat.com/support/errata/RHSA-2006-0611.html MISC:SSRT061181 URL:http://www.securityfocus.com/archive/1/446658/100/200/threaded MISC:SSRT061236 URL:http://www.securityfocus.com/archive/1/446657/100/200/threaded MISC:SUSE-SA:2006:048 URL:http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html MISC:USN-327-1 URL:https://usn.ubuntu.com/327-1/ MISC:USN-354-1 URL:http://www.ubuntu.com/usn/usn-354-1 MISC:USN-361-1 URL:http://www.ubuntu.com/usn/usn-361-1 MISC:http://www.mozilla.org/security/announce/2006/mfsa2006-52.html URL:http://www.mozilla.org/security/announce/2006/mfsa2006-52.html MISC:https://issues.rpath.com/browse/RPL-536 URL:https://issues.rpath.com/browse/RPL-536 MISC:https://issues.rpath.com/browse/RPL-537 URL:https://issues.rpath.com/browse/RPL-537 MISC:mozilla-pac-code-execution(27989) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27989 MISC:oval:org.mitre.oval:def:10845 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10845
Assigning CNA
Red Hat, Inc.
Date Record Created
20060724	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060724)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)