VDB

DEBIAN-CVE-2006-3807

DEBIAN-CVE-2006-3807 PUBLISHED CVSS 8.600000381469727 HIGH

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.

Risk Scores

CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:11thunderbird0, 0, 0
Debian:13thunderbird0, 0, 0
Debian:14thunderbird0, 0, 0
Debian:12thunderbird0, 0, 0

Timeline

  • Jul 27, 2006 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›