CVE-2006-3677

Related Files

Mozilla Suite/Firefox Navigator Object Code Execution

Posted Oct 27, 2009

Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.

tags | exploit, java, code execution

advisories | CVE-2006-3677

SHA-256 | caa5d6f2c25885cd4fffdb12407195b2e4d778c8692372a40b3bbd7e922eccbb

Download | Favorite | View

Mandriva Linux Security Advisory 2006.143

Posted Aug 27, 2006

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-143 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.

tags | advisory, vulnerability

systems | linux, mandriva

advisories | CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804

SHA-256 | 4ea8be5cbf740393a2e029272fa3cb4f90a624cde42c0cf0a7fc0f010f1b3f12

Download | Favorite | View

mobb.tgz

Posted Aug 3, 2006

Site browserfun.blogspot.com

Exploit for Mozilla Firefox versions 1.5.0.4 and below. The demonstration exploit below will attempt to launch "calc.exe" on Windows systems, execute "touch /tmp/METASPLOIT" on Linux systems, and bind a command shell to port 4444 for Mac OS X Intel and PowerPC systems. An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker.

tags | exploit, java, web, shell

systems | linux, windows, apple, osx

advisories | CVE-2006-3677

SHA-256 | 9e096b35f0514a051a6f1a202b7742ec4b356a48415a7e37748c715e85cf7500

Download | Favorite | View

Ubuntu Security Notice 327-1

Posted Jul 28, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-327-1 - A multitude of javascript related vulnerabilities have been patched in Firefox.

tags | advisory, javascript, vulnerability

systems | linux, ubuntu

advisories | CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812

SHA-256 | a86d624fcd8df7fc620b513f3e6fe047d4d853bda7e7a3cb1a90dbc9c55e4fbc

Download | Favorite | View

Technical Cyber Security Alert 2006-208A

Posted Jul 28, 2006

Authored by US-CERT | Site cert.org

Technical Cyber Security Alert TA06-208A - The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.

tags | advisory, remote, web, arbitrary, vulnerability

advisories | CVE-2006-3801, CVE-2006-3677, CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3811

SHA-256 | 86ea302741e04f7adec9c59cfe0f6d1c012d7ce705526cc004e3a7bf46a8a996

Download | Favorite | View

Zero Day Initiative Advisory 06-025

Posted Jul 28, 2006

Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability exists in Firefox versions 1.5.0 through 1.5.0.3 and SeaMonkey versions 1.0 through 1.0.2 that allows attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

tags | advisory, arbitrary

advisories | CVE-2006-3677

SHA-256 | 92ff76589f52b7f12a99064f622ee16a1fcf346cee16f9c98a1edf93b848a97c

Download | Favorite | View