CVE-2006-3809

Description

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.

How to fix CVE-2006-3809

To remediate CVE-2006-3809, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.5-1 or later

Is CVE-2006-3809 being exploited?

Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.5.0.5-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-3809