GSD-2006-3677 — Vulnetix

Try Vulnetix Request Demo

GSD-2006-3677 PUBLISHED

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Jul 26, 2006 CVE Published
Sep 20, 2010 PoC Published
May 29, 2018 PoC Published
Feb 6, 2025 PoC Published
Feb 23, 2025 PoC Published
Sep 9, 2025 PoC Published
Apr 15, 2026 Distribution Patch
Apr 15, 2026 Security Advisory
Apr 15, 2026 Security Advisory

References

20060726 ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability mailing-list
21243 third-party-advisory
RHSA-2006:0608 vendor-advisory
GLSA-200608-02 vendor-advisory
MDKSA-2006:145 vendor-advisory
ADV-2006-3748 vdb
iphone-mobilesafari-dos(39998) vdb
19181 vdb
mozilla-javascript-navigator-code-excecution(27981) vdb
TA06-208A third-party-advisory
ADV-2006-2998 vdb
20060727 rPSA-2006-0137-1 firefox mailing-list
21529 third-party-advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-025.html url
oval:org.mitre.oval:def:10745 vdb
21216 third-party-advisory
GLSA-200608-03 vendor-advisory
RHSA-2006:0594 vendor-advisory
21336 third-party-advisory
RHSA-2006:0610 vendor-advisory

…and 27 more

Open in Interactive Console →