This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Mozilla Firefox web browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists when assigning specific values to the window.navigator object. A lack of checking on assignment causes user supplied data to be later used in the creation of other objects leading to eventual code execution.

References

www.mozilla.org/security/announce/2006/mfsa2006-45.html

saint 4

seebug 3

securityvulns 3

checkpoint_advisories 2

cve 2

debiancve 1

mozilla 1

cert 1

exploitpack 1

packetstorm 1

ubuntucve 1

exploitdb 1

prion 1

openvas 7

ubuntu 1

nessus 21

gentoo 2

suse 1

centos 5

freebsd 1

redhat 5

oraclelinux 2

saint

Mozilla Firefox JavaScript Navigator object vulnerability

2006-08-14 00:00:00

Mozilla Firefox JavaScript Navigator object vulnerability

2006-08-14 00:00:00

Mozilla Firefox JavaScript Navigator object vulnerability

2006-08-14 00:00:00

seebug

Mozilla Firefox Javascript Navigator Object Remote Code Execution Vulnerability

2006-10-24 00:00:00

Mozilla Firefox <= 1.5.0.4 Javascript Navigator Object Code Execution PoC

2006-07-28 00:00:00

Mozilla Firefox <= 1.5.0.4 - Javascript Navigator Object Code Execution PoC

2014-07-01 00:00:00

securityvulns

Netscape/K-Meleon/Flock JavaScript navigator Vulnerability

2006-08-02 00:00:00

[Full-disclosure] ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability

2006-07-27 00:00:00

US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities

2006-07-28 00:00:00

checkpoint_advisories

Mozilla Browsers JavaScript Navigator Object Memory Corruption - Ver2 (CVE-2006-3677)

2014-04-16 00:00:00

Mozilla Browsers JavaScript Navigator Object Memory Corruption - Ver2 (CVE-2006-3677)

2014-04-16 00:00:00

cve

CVE-2006-3677

2006-07-27 19:04:00

CVE-2008-0729

2008-02-12 21:00:00

debiancve

CVE-2006-3677

2006-07-27 19:04:00

mozilla

Javascript navigator Object Vulnerability — Mozilla

2006-07-25 00:00:00

cert

Mozilla fails to properly release JavaScript references

2006-07-27 00:00:00

exploitpack

Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution

2006-07-28 00:00:00

packetstorm

Mozilla Suite/Firefox Navigator Object Code Execution

2009-10-27 00:00:00

ubuntucve

CVE-2006-3677

2006-07-27 00:00:00

exploitdb

Mozilla Firefox 1.5.0.4 - JavaScript Navigator Object Code Execution

2006-07-28 00:00:00

prion

Design/Logic Flaw

2008-02-12 21:00:00

openvas

Gentoo Security Advisory GLSA 200608-03 (Firefox)

2008-09-24 00:00:00

Gentoo Security Advisory GLSA 200608-03 (Firefox)

2008-09-24 00:00:00

Ubuntu: Security Advisory (USN-327-1)

2022-08-26 00:00:00

ubuntu

firefox vulnerabilities

2006-07-28 00:00:00

nessus

Firefox < 1.5.0.5 Multiple Vulnerabilities

2006-07-27 00:00:00

openSUSE 10 Security Update : seamonkey (seamonkey-1952)

2007-10-17 00:00:00

GLSA-200608-03 : Mozilla Firefox: Multiple vulnerabilities

2006-08-04 00:00:00

gentoo

Mozilla Firefox: Multiple vulnerabilities

2006-08-03 00:00:00

Mozilla SeaMonkey: Multiple vulnerabilities

2006-08-03 00:00:00

suse

remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey

2006-08-16 15:11:18

centos

seamonkey security update

2006-08-04 20:56:41

thunderbird security update

2006-07-29 11:51:27

firefox security update

2006-07-29 11:51:13

freebsd

mozilla -- multiple vulnerabilities

2006-07-25 00:00:00

redhat

(RHSA-2006:0608) seamonkey security update

2006-07-27 00:00:00

(RHSA-2006:0611) thunderbird security update

2006-07-28 00:00:00

(RHSA-2006:0610) firefox security update

2006-07-28 00:00:00

oraclelinux

Critical firefox security update

2006-12-07 00:00:00

Critical thunderbird security update

2006-12-07 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

Related for ZDI-06-025