Vulnerability Description
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.5 |
| Mozilla | Seamonkey | 1.0 |
| Mozilla | Thunderbird | 1.5 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/19873PatchVendor Advisory
- http://secunia.com/advisories/21216PatchVendor Advisory
- http://secunia.com/advisories/21228PatchVendor Advisory
- http://secunia.com/advisories/21229PatchVendor Advisory
- http://secunia.com/advisories/21243
- http://secunia.com/advisories/21246
- http://secunia.com/advisories/21250
- http://secunia.com/advisories/21262
- http://secunia.com/advisories/21269
- http://secunia.com/advisories/21270
- http://secunia.com/advisories/21275
- http://secunia.com/advisories/21336
- http://secunia.com/advisories/21343
FAQ
What is CVE-2006-3803?
CVE-2006-3803 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code...
How severe is CVE-2006-3803?
CVE-2006-3803 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3803?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.