FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3677

This CVE name corresponds to:

Entered	Topic
2006-07-27	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-3677 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2006-3677
Phase	Assigned(20060718)

Description

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

References

Source	Reference
BUGTRAQ	20060727 rPSA-2006-0137-1 firefox
BUGTRAQ	20060726 ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability
CONFIRM	http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
MISC	http://www.zerodayinitiative.com/advisories/ZDI-06-025.html
CONFIRM	https://issues.rpath.com/browse/RPL-536
GENTOO	GLSA-200608-02
GENTOO	GLSA-200608-03
HP	HPSBUX02153
HP	SSRT061181
MANDRIVA	MDKSA-2006:143
MANDRIVA	MDKSA-2006:145
REDHAT	RHSA-2006:0608
REDHAT	RHSA-2006:0610
REDHAT	RHSA-2006:0611
REDHAT	RHSA-2006:0609
REDHAT	RHSA-2006:0594
SGI	20060703-01-P
SUSE	SUSE-SA:2006:048
UBUNTU	USN-327-1
UBUNTU	USN-354-1
CERT	TA06-208A
CERT-VN	VU#670060
BID	19181
BID	19192
OVAL	oval:org.mitre.oval:def:10745
VUPEN	ADV-2006-2998
VUPEN	ADV-2006-3748
VUPEN	ADV-2008-0083
SECTRACK	1016586
SECTRACK	1016587
SECUNIA	19873
SECUNIA	21216
SECUNIA	21229
SECUNIA	21246
SECUNIA	21243
SECUNIA	21269
SECUNIA	21270
SECUNIA	21336
SECUNIA	21361
SECUNIA	21262
SECUNIA	21343
SECUNIA	21529
SECUNIA	21532
SECUNIA	21631
SECUNIA	22210
SECUNIA	22066
XF	mozilla-javascript-navigator-code-excecution(27981)
XF	iphone-mobilesafari-dos(39998)