CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
96.8%
Mozilla products fail to properly enforce security restrictions in JavaScript. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
968814
Filter by status: All Affected Not Affected Unknown
Filter by content: __Additional information available
__Sort by: Status Alphabetical
Expand all
Javascript is disabled. Clickhere to view vendors.
Updated: April 17, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to http://www.mozilla.org/security/announce/2006/mfsa2006-28.html.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Updated: May 17, 2006
Not Affected
This issue only affected version 1.5 of Firefox and Thunderbird. Red Hat Enterprise Linux 4 shipped with Firefox and Thunderbird versions prior to 1.5 and are not vulnerable to this issue. Other releases of Red Hat Enterprise Linux did not ship with Firefox or Thunderbird and were therefore not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-28.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2006-1726 |
---|---|
Severity Metric: | 20.45 Date Public: |