|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-05 | |
| Rule Name: | Mozilla Firefox Javascript Engine Memory Corruption (String.toSource) Vulnerability (CVE-2006-3806) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." | |
| Impact: | An attacker can execute arbitrary code in the context of the vulnerable system. Failed exploit may cause denial-of-service attack. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:19181 ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://rhn.redhat.com/errata/RHSA-2006-0609.html http://security.gentoo.org/glsa/glsa-200608-02.xml |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://lwn.net/Alerts/193397/?format=printable |