Published: 27/07/2006 Updated: 17/10/2018

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Subscribe to Mozilla

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3 might allow remote malicious users to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla thunderbird 1.5.0.4
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla thunderbird 1.5
mozilla thunderbird 1.5.0.2
mozilla firefox 1.5
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006 ...

This update upgrades Thunderbird from 108 to 1507 This step was necessary since the 10x series is not supported by upstream any more ...

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812) ...

Mozilla Foundation Security Advisory 2006-48 JavaScript new Function race condition Announced July 25, 2006 Reporter H D Moore Impact Critical Products Firefox, SeaMonkey, Thunderbird Fixed in ...

NVD-CWE-Other http://www.kb.cert.org/vuls/id/265964 https://issues.rpath.com/browse/RPL-536 http://www.securityfocus.com/bid/19181 http://securitytracker.com/id?1016586 http://securitytracker.com/id?1016587 http://securitytracker.com/id?1016588 http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://www.redhat.com/support/errata/RHSA-2006-0608.html http://www.us-cert.gov/cas/techalerts/TA06-208A.html http://secunia.com/advisories/21246 http://www.redhat.com/support/errata/RHSA-2006-0610.html http://www.redhat.com/support/errata/RHSA-2006-0611.html http://secunia.com/advisories/21243 http://secunia.com/advisories/21269 http://secunia.com/advisories/21270 http://secunia.com/advisories/21275 http://security.gentoo.org/glsa/glsa-200608-02.xml http://security.gentoo.org/glsa/glsa-200608-04.xml http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/21336 http://secunia.com/advisories/21358 http://secunia.com/advisories/21361 http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml https://issues.rpath.com/browse/RPL-537 ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21343 http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html http://secunia.com/advisories/21529 http://secunia.com/advisories/21532 http://secunia.com/advisories/21607 http://www.redhat.com/support/errata/RHSA-2006-0594.html http://secunia.com/advisories/21631 http://www.ubuntu.com/usn/usn-350-1 http://www.ubuntu.com/usn/usn-354-1 http://secunia.com/advisories/22055 http://secunia.com/advisories/22210 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 http://secunia.com/advisories/22065 http://secunia.com/advisories/22066 http://www.vupen.com/english/advisories/2006/3749 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2008/0083 http://www.vupen.com/english/advisories/2006/2998 http://www.mozilla.org/security/announce/2006/mfsa2006-48.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27984 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10635 https://usn.ubuntu.com/329-1/https://usn.ubuntu.com/327-1/http://www.securityfocus.com/archive/1/446658/100/200/threaded http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/archive/1/441333/100/0/threaded https://nvd.nist.gov https://usn.ubuntu.com/329-1/https://www.kb.cert.org/vuls/id/265964

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook