CVE-2006-3806

Description

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

How to fix CVE-2006-3806

To remediate CVE-2006-3806, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.5-1 or later

Is CVE-2006-3806 being exploited?

Moderate — EPSS is 27.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.5.0.5-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3806