[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1726Date: (C)2006-04-14   (M)2024-03-27


Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1015931
SECTRACK-1015932
SECTRACK-1015933
BID-17516
SECUNIA-19631
SECUNIA-19649
SECUNIA-22065
SECUNIA-22066
ADV-2006-1356
ADV-2006-3748
ADV-2006-3749
ADV-2008-0083
SSRT061145
SSRT061181
SSRT061236
TA06-107A
VU#968814
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
mozilla-valuetofunctionobject-sec-bypass(25825)
oval:org.mitre.oval:def:1968

CPE    24
cpe:/a:mozilla:thunderbird:1.0.3
cpe:/a:mozilla:thunderbird:1.0.5:beta
cpe:/a:mozilla:thunderbird:1.0.2
cpe:/a:mozilla:thunderbird:1.0.1
...
CWE    1
CWE-264
OVAL    1
oval:org.mitre.oval:def:1968

© SecPod Technologies