CVE-2006-3677
EXPLOITEDMozilla Firefox <1.5.0.5 & SeaMonkey <1.0.3 - RCE
Title source: llmDescription
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16300
exploitdb
WORKING POC
VERIFIED
by H D Moore · htmlremotemultiple
https://www.exploit-db.com/exploits/2082
exploitdb
WORKING POC
VERIFIED
by H D Moore · rubyremotemultiple
https://www.exploit-db.com/exploits/9946
metasploit
WORKING POC
NORMAL
by hdm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/mozilla_navigatorjava.rb
References (47)
... and 27 more
Scores
EPSS
0.6730
EPSS Percentile
98.6%
Details
VulnCheck KEV
2010-05-01
CWE
CWE-16
Status
published
Products (8)
mozilla/firefox
1.5
mozilla/firefox
1.5.0.1
mozilla/firefox
1.5.0.2
mozilla/firefox
1.5.0.3
mozilla/firefox
1.5.0.4
mozilla/seamonkey
1.0 (2 CPE variants)
mozilla/seamonkey
1.0.1
mozilla/seamonkey
1.0.2
Published
Jul 27, 2006
Tracked Since
Feb 18, 2026