NVD脆弱性詳細

CVE-2006-3806

概要	Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
公表日	2006年7月28日4:04
登録日	2021年1月29日15:42
最終更新日	2018年10月18日6:30

CVSS2.0 : HIGH
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	はい
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc	SGI
2	http://rhn.redhat.com/errata/RHSA-2006-0609.html	REDHAT	Vendor Advisory
3	http://secunia.com/advisories/19873	SECUNIA	Patch Vendor Advisory
4	http://secunia.com/advisories/21216	SECUNIA	Patch Vendor Advisory
5	http://secunia.com/advisories/21228	SECUNIA	Patch Vendor Advisory
6	http://secunia.com/advisories/21229	SECUNIA	Patch Vendor Advisory
7	http://secunia.com/advisories/21243	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/21246	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/21250	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/21262	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/21269	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/21270	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/21275	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/21336	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/21343	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/21358	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/21361	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/21529	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/21532	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/21607	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/21631	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/21634	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/21654	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/21675	SECUNIA	Vendor Advisory
25	http://secunia.com/advisories/22055	SECUNIA
26	http://secunia.com/advisories/22065	SECUNIA
27	http://secunia.com/advisories/22066	SECUNIA
28	http://secunia.com/advisories/22210	SECUNIA
29	http://secunia.com/advisories/22342	SECUNIA
30	http://security.gentoo.org/glsa/glsa-200608-02.xml	GENTOO
31	http://security.gentoo.org/glsa/glsa-200608-04.xml	GENTOO
32	http://securitytracker.com/id?1016586	SECTRACK
33	http://securitytracker.com/id?1016587	SECTRACK
34	http://securitytracker.com/id?1016588	SECTRACK
35	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1	SUNALERT
36	http://www.debian.org/security/2006/dsa-1159	DEBIAN
37	http://www.debian.org/security/2006/dsa-1160	DEBIAN
38	http://www.debian.org/security/2006/dsa-1161	DEBIAN
39	http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml	GENTOO
40	http://www.kb.cert.org/vuls/id/655892	CERT-VN	Third Party Advisory US Government Resource
41	http://www.mandriva.com/security/advisories?name=MDKSA-2006:143	MANDRIVA
42	http://www.mandriva.com/security/advisories?name=MDKSA-2006:145	MANDRIVA
43	http://www.mandriva.com/security/advisories?name=MDKSA-2006:146	MANDRIVA
44	http://www.mozilla.org/security/announce/2006/mfsa2006-50.html	CONFIRM	Vendor Advisory
45	http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html	SUSE
46	http://www.redhat.com/support/errata/RHSA-2006-0594.html	REDHAT
47	http://www.redhat.com/support/errata/RHSA-2006-0608.html	REDHAT	Vendor Advisory
48	http://www.redhat.com/support/errata/RHSA-2006-0610.html	REDHAT	Vendor Advisory
49	http://www.redhat.com/support/errata/RHSA-2006-0611.html	REDHAT	Vendor Advisory
50	http://www.securityfocus.com/archive/1/441333/100/0/threaded	BUGTRAQ
51	http://www.securityfocus.com/archive/1/446657/100/200/threaded	HP
52	http://www.securityfocus.com/archive/1/446658/100/200/threaded	HP
53	http://www.securityfocus.com/bid/19181	BID	Patch
54	http://www.ubuntu.com/usn/usn-350-1	UBUNTU
55	http://www.ubuntu.com/usn/usn-354-1	UBUNTU
56	http://www.ubuntu.com/usn/usn-361-1	UBUNTU
57	http://www.us-cert.gov/cas/techalerts/TA06-208A.html	CERT	US Government Resource
58	http://www.vupen.com/english/advisories/2006/2998	VUPEN
59	http://www.vupen.com/english/advisories/2006/3748	VUPEN
60	http://www.vupen.com/english/advisories/2006/3749	VUPEN
61	http://www.vupen.com/english/advisories/2007/0058	VUPEN
62	http://www.vupen.com/english/advisories/2008/0083	VUPEN
63	https://exchange.xforce.ibmcloud.com/vulnerabilities/27987	XF
64	https://issues.rpath.com/browse/RPL-536	CONFIRM
65	https://issues.rpath.com/browse/RPL-537	CONFIRM
66	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232	OVAL
67	https://usn.ubuntu.com/327-1/	UBUNTU
68	https://usn.ubuntu.com/329-1/	UBUNTU

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*