{ "id": "CVE-2006-3677", "sourceIdentifier": "cve@mitre.org", "published": "2006-07-27T19:04:00.000", "lastModified": "2018-10-18T16:48:49.630", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution." }, { "lang": "es", "value": "Mozilla Firefox 1.5 anterior a 1.5.0.5 y SeaMonkey anterior a 1.0.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n cambiando ciertas propiedades del objeto de la ventana de navegaci\u00f3n (window.navigator) que es accedido cuando comienza Java, lo cual provoca un caida que desemboca en una ejecuci\u00f3n de c\u00f3digo." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-16" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E18FC0-0C8C-4FA1-85B9-B868D00F002F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*", "matchCriteriaId": "55344F76-1C42-4DD8-A28B-1C33626C6FD2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6521C877-63C9-4B6E-9FC9-1263FFBB7950" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D949DF0A-CBC2-40E1-AE6C-60E6F58D2481" } ] } ] } ], "references": [ { "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc", "source": "cve@mitre.org" }, { "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1016586", "source": "cve@mitre.org" }, { "url": "http://securitytracker.com/id?1016587", "source": "cve@mitre.org" }, { "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml", "source": "cve@mitre.org" }, { "url": "http://www.kb.cert.org/vuls/id/670060", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143", "source": "cve@mitre.org" }, { "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145", "source": "cve@mitre.org" }, { "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-45.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html", "source": "cve@mitre.org" }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/archive/1/441332/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/19181", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/bid/19192", "source": "cve@mitre.org", "tags": [ "Patch" ] }, { "url": "http://www.ubuntu.com/usn/usn-354-1", "source": "cve@mitre.org" }, { "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html", "source": "cve@mitre.org", "tags": [ "US Government Resource" ] }, { "url": "http://www.vupen.com/english/advisories/2006/2998", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2006/3748", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2008/0083", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-025.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27981", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39998", "source": "cve@mitre.org" }, { "url": "https://issues.rpath.com/browse/RPL-536", "source": "cve@mitre.org" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10745", "source": "cve@mitre.org" }, { "url": "https://usn.ubuntu.com/327-1/", "source": "cve@mitre.org" } ] }