Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-3113

Disclosure Date: July 27, 2006
CVE-2006-3113
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • mozilla

Products

  • firefox 1.5,
  • firefox 1.5.0.1,
  • firefox 1.5.0.2,
  • firefox 1.5.0.3,
  • firefox 1.5.0.4,
  • seamonkey 1.0,
  • seamonkey 1.0.1,
  • seamonkey 1.0.2,
  • thunderbird 1.5,
  • thunderbird 1.5.0.2,
  • thunderbird 1.5.0.4

References

Canonical
CVE-2006-3113 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3113)
BID-19181 (http://www.securityfocus.com/bid/19181)
BID-19197 (http://www.securityfocus.com/bid/19197)
Advisory
VU#239124 (http://www.kb.cert.org/vuls/id/239124)
SECUNIA-21243 (http://secunia.com/advisories/21243)
http://www.redhat.com/support/errata/RHSA-2006-0608.html
GLSA-200608-02 (http://security.gentoo.org/glsa/glsa-200608-02.xml)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
ADV-2006-3748 (http://www.vupen.com/english/advisories/2006/3748)
TA06-208A (http://www.us-cert.gov/cas/techalerts/TA06-208A.html)
SECUNIA-22055 (http://secunia.com/advisories/22055)
XF-mozilla-xpcom-memory-corruption(27982) (https://exchange.xforce.ibmcloud.com/vulnerabilities/27982)
ADV-2006-2998 (http://www.vupen.com/english/advisories/2006/2998)
20060727 rPSA-2006-0137-1 firefox (http://www.securityfocus.com/archive/1/441333/100/0/threaded)
SECUNIA-21529 (http://secunia.com/advisories/21529)
SECUNIA-21216 (http://secunia.com/advisories/21216)
GLSA-200608-03 (http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml)
http://www.redhat.com/support/errata/RHSA-2006-0594.html
SECUNIA-21336 (http://secunia.com/advisories/21336)
ADV-2006-3749 (http://www.vupen.com/english/advisories/2006/3749)
20060727 Secunia Research: Mozilla Firefox XPCOM Event Handling MemoryCorruption (http://www.securityfocus.com/archive/1/441330/100/0/threaded)
http://www.redhat.com/support/errata/RHSA-2006-0610.html
SECTRACK-1016588 (http://securitytracker.com/id?1016588)
USN-329-1 (https://usn.ubuntu.com/329-1)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
http://rhn.redhat.com/errata/RHSA-2006-0609.html
SECUNIA-22210 (http://secunia.com/advisories/22210)
SECUNIA-21607 (http://secunia.com/advisories/21607)
SECTRACK-1016586 (http://securitytracker.com/id?1016586)
SECUNIA-19873 (http://secunia.com/advisories/19873)
SECUNIA-21262 (http://secunia.com/advisories/21262)
SECUNIA-21532 (http://secunia.com/advisories/21532)
SECUNIA-21270 (http://secunia.com/advisories/21270)
ADV-2008-0083 (http://www.vupen.com/english/advisories/2008/0083)
USN-327-1 (https://usn.ubuntu.com/327-1)
SECUNIA-21361 (http://secunia.com/advisories/21361)
SECUNIA-21631 (http://secunia.com/advisories/21631)
SSRT061181 (http://www.securityfocus.com/archive/1/446658/100/200/threaded)
SSRT061236 (http://www.securityfocus.com/archive/1/446657/100/200/threaded)
SECUNIA-21275 (http://secunia.com/advisories/21275)
SECUNIA-21246 (http://secunia.com/advisories/21246)
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
SECUNIA-21229 (http://secunia.com/advisories/21229)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10261
SECTRACK-1016587 (http://securitytracker.com/id?1016587)
http://www.redhat.com/support/errata/RHSA-2006-0611.html
SECUNIA-21228 (http://secunia.com/advisories/21228)
SECUNIA-21250 (http://secunia.com/advisories/21250)
USN-350-1 (http://www.ubuntu.com/usn/usn-350-1)
SECUNIA-21358 (http://secunia.com/advisories/21358)
https://issues.rpath.com/browse/RPL-536
https://issues.rpath.com/browse/RPL-537
SECUNIA-22066 (http://secunia.com/advisories/22066)
SECUNIA-21269 (http://secunia.com/advisories/21269)
GLSA-200608-04 (http://security.gentoo.org/glsa/glsa-200608-04.xml)
SECUNIA-21343 (http://secunia.com/advisories/21343)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
SECUNIA-22065 (http://secunia.com/advisories/22065)
USN-354-1 (http://www.ubuntu.com/usn/usn-354-1)
Miscellaneous
http://secunia.com/secunia_research/2006-53/advisory

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis