Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1726

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-1726
Last Modified 07 Mar 2011 09:33:44
Published 14 Apr 2006 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1726

Summary

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox Preview Release

  • Mozilla Seamonkey 1.0

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.3

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.5


References

CERT - TA06-107A

CERT-VN - VU#968814

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-28.html

XF - mozilla-valuetofunctionobject-sec-bypass(25825)

VUPEN - ADV-2008-0083

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-3748

VUPEN - ADV-2006-1356

BID - 17516

HP - SSRT061181

HP - HPSBUX02153

HP - SSRT061236

HP - SSRT061145

HP - HPSBTU02118

SECTRACK - 1015933

SECTRACK - 1015932

SECTRACK - 1015931

SECUNIA - 22066

SECUNIA - 22065

SECUNIA - 19649

SECUNIA - 19631

HP - HPSBUX02156


Last Updated: 27 May 2016 10:42:35