CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3807

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.275

EPSS Ranking 96.2%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2006-3807

Mozilla » Firefox » Version: 1.5

cpe:2.3:a:mozilla:firefox:1.5
Mozilla » Firefox » Version: 1.5.0.1

cpe:2.3:a:mozilla:firefox:1.5.0.1
Mozilla » Firefox » Version: 1.5.0.2

cpe:2.3:a:mozilla:firefox:1.5.0.2
Mozilla » Firefox » Version: 1.5.0.3

cpe:2.3:a:mozilla:firefox:1.5.0.3
Mozilla » Firefox » Version: 1.5.0.4

cpe:2.3:a:mozilla:firefox:1.5.0.4
Mozilla » Seamonkey » Version: 1.0

cpe:2.3:a:mozilla:seamonkey:1.0
Mozilla » Seamonkey » Version: 1.0.1

cpe:2.3:a:mozilla:seamonkey:1.0.1
Mozilla » Seamonkey » Version: 1.0.2

cpe:2.3:a:mozilla:seamonkey:1.0.2
Mozilla » Thunderbird » Version: 1.5

cpe:2.3:a:mozilla:thunderbird:1.5
Mozilla » Thunderbird » Version: 1.5.0.2

cpe:2.3:a:mozilla:thunderbird:1.5.0.2
Mozilla » Thunderbird » Version: 1.5.0.4

cpe:2.3:a:mozilla:thunderbird:1.5.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3807

Products

Pricing

Contact Us