CVE-2006-3803

Description

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

Risk Information

Base Score

8.8

MODERATE

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

24.704

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 1.5.0.4	Windows
Multiple vulnerabilities affected in Mozilla Thunderbird 1.5.0.4	Windows
Multiple vulnerabilities affected in Mozilla_Firefox 1.5.0.4	Windows
Multiple vulnerabilities affected in SeaMonkey 1.0.2	Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 1.5	Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 1.5.0.2	Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 1.5.0.4	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.1	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.2	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.3	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.4	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.1	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.2	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.3	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.4	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-343016	Mozilla Firefox (x64) (132.0.2)
PATCH-315938	Mozilla Thunderbird (68.12.0)
PATCH-343015	Mozilla Firefox (132.0.2)
PATCH-341197	SeaMonkey (2.53.19)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234