CVE-2006-3677

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	1.5 (including)	1.5 (including)
Firefox	Mozilla	1.5.0.1 (including)	1.5.0.1 (including)
Firefox	Mozilla	1.5.0.2 (including)	1.5.0.2 (including)
Firefox	Mozilla	1.5.0.3 (including)	1.5.0.3 (including)
Firefox	Mozilla	1.5.0.4 (including)	1.5.0.4 (including)
Seamonkey	Mozilla	1.0 (including)	1.0 (including)
Seamonkey	Mozilla	1.0.1 (including)	1.0.1 (including)
Seamonkey	Mozilla	1.0.2 (including)	1.0.2 (including)
Red Hat Enterprise Linux 3	RedHat	seamonkey-0:1.0.3-0.el3.1	*
Red Hat Enterprise Linux 4	RedHat	devhelp-0:0.10-0.2.el4	*
Red Hat Enterprise Linux 4	RedHat	seamonkey-0:1.0.3-0.el4.1	*
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.5.0.5-0.el4.1	*
Red Hat Enterprise Linux 4	RedHat	thunderbird-0:1.5.0.5-0.el4.1	*
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Firefox	Ubuntu	dapper	*
Firefox-granparadiso	Ubuntu	devel	*
Lightning-sunbird	Ubuntu	devel	*
Midbrowser	Ubuntu	devel	*
Xulrunner	Ubuntu	devel	*
Xulrunner	Ubuntu	edgy	*
Xulrunner	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3677
CWE	https://cwe.mitre.org/data/definitions/16.html

Affected Software

References