CVE-2006-3677

EXPLOITED

Mozilla Firefox <1.5.0.5 & SeaMonkey <1.0.3 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2006-3677 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Metasploit, H D Moore, hdm, including a Metasploit module exploits/multi/browser/mozilla_navigatorjava.

AI-analyzed exploit summary This Metasploit module exploits a code execution vulnerability in Mozilla Suite/Firefox by leveraging the Java plugin to trigger a memory corruption issue via the navigator object. It generates a malicious HTML page that, when loaded, executes arbitrary shellcode.

Description

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16300

This Metasploit module exploits a code execution vulnerability in Mozilla Suite/Firefox by leveraging the Java plugin to trigger a memory corruption issue via the navigator object. It generates a malicious HTML page that, when loaded, executes arbitrary shellcode.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Suite/Firefox 1.5.0.4 (Windows/Linux/Mac OS X)
No auth needed
Prerequisites: Java plugin installed · Victim visits malicious webpage
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · htmlremotemultiple
https://www.exploit-db.com/exploits/2082

This is a functional proof-of-concept exploit for CVE-2006-3677, targeting Firefox <= 1.5.0.4. It leverages a JavaScript navigator object vulnerability to execute arbitrary code via shellcode tailored for Windows, Linux, and macOS (PPC/Intel).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox <= 1.5.0.4
No auth needed
Prerequisites: Java plugin enabled · Target browser version <= 1.5.0.4
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · rubyremotemultiple
https://www.exploit-db.com/exploits/9946

This Metasploit module exploits a code execution vulnerability in Mozilla Suite/Firefox by leveraging the Java plugin to trigger a memory corruption via the Navigator object. It generates a malicious HTML page that, when loaded, executes shellcode to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Suite/Firefox 1.5.0.4 (Windows/Linux/Mac OS X)
No auth needed
Prerequisites: Java plugin installed · Victim visits malicious webpage
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC NORMAL
by hdm · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/mozilla_navigatorjava.rb

This Metasploit module exploits a code execution vulnerability in Mozilla Suite/Firefox by leveraging the Java plugin to trigger a memory corruption issue. It generates a malicious HTML page that, when loaded, executes shellcode via a crafted Java reflection call.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 1.5.0.4 (Windows/Linux/Mac OS X)
No auth needed
Prerequisites: Java plugin installed · Victim visits malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (47)

Core 47
Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-536
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441332/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21243
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0608.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200608-02.xml
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3748
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39998
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19181
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27981
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2998
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441333/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21529
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10745
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21216
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0594.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21336
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0610.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/670060
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0609.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22210
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016586
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19873
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21262
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21532
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21270
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/327-1/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21361
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21631
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/446658/100/200/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21246
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21229
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016587
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0611.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22066
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21269
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21343
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19192
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-354-1
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

Scores

EPSS 0.6730
EPSS Percentile 98.6%

Details

VulnCheck KEV 2010-05-01
CWE
CWE-16
Status published
Products (8)
mozilla/firefox 1.5
mozilla/firefox 1.5.0.1
mozilla/firefox 1.5.0.2
mozilla/firefox 1.5.0.3
mozilla/firefox 1.5.0.4
mozilla/seamonkey 1.0 (2 CPE variants)
mozilla/seamonkey 1.0.1
mozilla/seamonkey 1.0.2
Published Jul 27, 2006
Tracked Since Feb 18, 2026