Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2006-2787
Last Modified 07 Mar 2011 09:37:01
Published 02 Jun 2006 04:02:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2787

Summary

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox Preview Release

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.3

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.5


References

XF - mozilla-valueof-sandbox-bypass(26842)

VUPEN - ADV-2008-0083

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-3748

VUPEN - ADV-2006-2106

UBUNTU - USN-323-1

UBUNTU - USN-297-3

UBUNTU - USN-297-1

UBUNTU - USN-296-2

UBUNTU - USN-296-1

BID - 18228

HP - SSRT061181

HP - HPSBUX02156

BUGTRAQ - 20060602 rPSA-2006-0091-1 firefox thunderbird

REDHAT - RHSA-2006:0611

REDHAT - RHSA-2006:0610

REDHAT - RHSA-2006:0594

REDHAT - RHSA-2006:0578

SUSE - SUSE-SA:2006:035

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-31.html

MANDRIVA - MDKSA-2006:146

MANDRIVA - MDKSA-2006:145

MANDRIVA - MDKSA-2006:143

GENTOO - GLSA-200606-21

GENTOO - GLSA-200606-12

DEBIAN - DSA-1134

DEBIAN - DSA-1120

DEBIAN - DSA-1118

SECTRACK - 1016214

SECTRACK - 1016202

SECUNIA - 21631

SECUNIA - 21607

SECUNIA - 21532

SECUNIA - 21336

SECUNIA - 21324

SECUNIA - 21270

SECUNIA - 21269

SECUNIA - 21210

SECUNIA - 21188

SECUNIA - 21183

SECUNIA - 21178

SECUNIA - 21176

SECUNIA - 21134

SECUNIA - 20709

SECUNIA - 20561

SECUNIA - 20382

SECUNIA - 20376

REDHAT - RHSA-2006:0609

SECUNIA - 22066

SECUNIA - 22065

HP - HPSBUX02153

HP - SSRT061236


Last Updated: 27 May 2016 10:42:35