[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1733Date: (C)2006-04-14   (M)2024-03-27


Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-102550
BID-17516
SECUNIA-19631
SECUNIA-19696
SECUNIA-19714
SECUNIA-19721
SECUNIA-19729
SECUNIA-19746
SECUNIA-19759
SECUNIA-19780
SECUNIA-19794
SECUNIA-19811
SECUNIA-19821
SECUNIA-19823
SECUNIA-19852
SECUNIA-19862
SECUNIA-19863
SECUNIA-19902
SECUNIA-19941
SECUNIA-19950
SECUNIA-20051
20060404-01-U
SECUNIA-21033
SECUNIA-21622
SUNALERT-228526
ADV-2006-1356
DSA-1044
DSA-1046
DSA-1051
FEDORA-2006-410
FEDORA-2006-411
FLSA:189137-1
FLSA:189137-2
GLSA-200604-12
GLSA-200604-18
GLSA-200605-09
HPSBUX02122
MDKSA-2006:075
MDKSA-2006:076
MDKSA-2006:078
RHSA-2006:0328
RHSA-2006:0329
RHSA-2006:0330
SCOSA-2006.26
SSRT061145
SUSE-SA:2006:021
SUSE-SA:2006:022
TA06-107A
USN-271-1
USN-275-1
USN-276-1
VU#488774
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
mozilla-valueof-code-execution(25817)
oval:org.mitre.oval:def:10815
oval:org.mitre.oval:def:2020

CPE    28
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:thunderbird:1.0.5:beta
cpe:/a:mozilla:thunderbird:1.0.3
cpe:/a:mozilla:mozilla_suite:1.7.7
...
CWE    1
CWE-264
OVAL    1
oval:org.mitre.oval:def:2020

© SecPod Technologies