Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1733

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-1733
Last Modified 07 Mar 2011 09:33:46
Published 14 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1733

Summary

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0

  • Mozilla Suite 1.7.10

  • Mozilla Suite 1.7.11

  • Mozilla Suite 1.7.12

  • Mozilla Suite 1.7.6

  • Mozilla Suite 1.7.7

  • Mozilla Suite 1.7.8

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.3

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.5


References

CERT - TA06-107A

CERT-VN - VU#488774

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-16.html

SGI - 20060404-01-U

VUPEN - ADV-2006-1356

UBUNTU - USN-276-1

UBUNTU - USN-275-1

UBUNTU - USN-271-1

BID - 17516

HP - SSRT061158

FEDORA - FLSA:189137-2

FEDORA - FLSA:189137-1

HP - SSRT061145

HP - HPSBTU02118

REDHAT - RHSA-2006:0330

REDHAT - RHSA-2006:0329

REDHAT - RHSA-2006:0328

FEDORA - FEDORA-2006-411

FEDORA - FEDORA-2006-410

SUSE - SUSE-SA:2006:004

GENTOO - GLSA-200605-09

GENTOO - GLSA-200604-18

GENTOO - GLSA-200604-12

DEBIAN - DSA-1051

DEBIAN - DSA-1046

DEBIAN - DSA-1044

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

SUNALERT - 228526

SUNALERT - 102550

SECUNIA - 21622

SECUNIA - 21033

SECUNIA - 19950

SECUNIA - 19941

SECUNIA - 19902

SECUNIA - 19863

SECUNIA - 19862

SECUNIA - 19852

SECUNIA - 19823

SECUNIA - 19821

SECUNIA - 19811

SECUNIA - 19794

SECUNIA - 19759

SECUNIA - 19746

SECUNIA - 19721

SECUNIA - 19714

SECUNIA - 19631

SUSE - SUSE-SA:2006:021

SCO - SCOSA-2006.26

XF - mozilla-valueof-code-execution(25817)

MANDRIVA - MDKSA-2006:078

MANDRIVA - MDKSA-2006:076

MANDRIVA - MDKSA-2006:075

SECUNIA - 20051

SECUNIA - 19780

SECUNIA - 19729

SECUNIA - 19696

HP - HPSBUX02122

SUSE - SUSE-SA:2006:022


Last Updated: 27 May 2016 10:42:35