Overview
Mozilla products contain multiple vulnerabilities that can cause memory corruption. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Mozilla products contain multiple bugs that cause the application to crash. In some cases, a crash may be exploitable to execute arbitrary code. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. The attacker could also cause the vulnerable application to crash. |
Solution
Apply an update This vulnerability is addressed in Firefox 1.5.0.5, Thunderbird 1.5.0.5, and SeaMonkey 1.0.3, according to the Mozilla Foundation Security Update 2006-55. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=336162
- https://bugzilla.mozilla.org/show_bug.cgi?id=284219
- https://bugzilla.mozilla.org/show_bug.cgi?id=331679
- https://bugzilla.mozilla.org/show_bug.cgi?id=329900
- https://bugzilla.mozilla.org/show_bug.cgi?id=331883
- https://bugzilla.mozilla.org/show_bug.cgi?id=338391
- https://bugzilla.mozilla.org/show_bug.cgi?id=340733
- https://bugzilla.mozilla.org/show_bug.cgi?id=338129
- https://bugzilla.mozilla.org/show_bug.cgi?id=337462
- http://secunia.com/advisories/19873/
- http://secunia.com/advisories/21216/
- http://secunia.com/advisories/21229/
- http://secunia.com/advisories/21228/
- https://issues.rpath.com/browse/RPL-537
- http://www.securityfocus.com/bid/19181
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1
Acknowledgements
This vulnerability was reported by the Mozilla Foundation, who in turn credit Boris Zbarsky, Darin Fisher, Daniel Veditz, Jesse Ruderman, Martijn Wargers, and shutdown.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2006-3811 |
| Severity Metric: | 7.37 |
| Date Public: | 2006-07-25 |
| Date First Published: | 2006-07-27 |
| Date Last Updated: | 2007-07-17 16:51 UTC |
| Document Revision: | 10 |