CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
100.0%
A Mozilla Foundation Security Advisory reports of multiple
issues. Several of which can be used to run arbitrary code
with the privilege of the user running the program.
MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
MFSA 2006-19 Cross-site scripting using .valueOf.call()
MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
MFSA 2006-17 cross-site scripting through window.controllers
MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
MFSA 2006-15 Privilege escalation using a JavaScript function’s cloned parent
MFSA 2006-14 Privilege escalation via XBL.method.eval
MFSA 2006-13 Downloading executables with “Save Image As…”
MFSA 2006-12 Secure-site spoof (requires security warning dialog)
MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
MFSA 2006-10 JavaScript garbage-collection hazard audit
MFSA 2006-09 Cross-site JavaScript injection using event handlers
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | firefox | < 1.0.8,1 | UNKNOWN |
FreeBSD | any | noarch | linux-firefox | < 1.5.0.2 | UNKNOWN |
FreeBSD | any | noarch | mozilla | < 1.7.13,2 | UNKNOWN |
FreeBSD | any | noarch | linux-mozilla | < 1.7.13 | UNKNOWN |
FreeBSD | any | noarch | seamonkey | < 1.0.1 | UNKNOWN |
FreeBSD | any | noarch | linux-seamonkey | < 1.0.1 | UNKNOWN |
FreeBSD | any | noarch | thunderbird | < 1.5.0.2 | UNKNOWN |
FreeBSD | any | noarch | mozilla-thunderbird | < 1.5.0.2 | UNKNOWN |
www.mozilla.org/security/announce/2006/mfsa2006-09.html
www.mozilla.org/security/announce/2006/mfsa2006-10.html
www.mozilla.org/security/announce/2006/mfsa2006-11.html
www.mozilla.org/security/announce/2006/mfsa2006-12.html
www.mozilla.org/security/announce/2006/mfsa2006-13.html
www.mozilla.org/security/announce/2006/mfsa2006-14.html
www.mozilla.org/security/announce/2006/mfsa2006-15.html
www.mozilla.org/security/announce/2006/mfsa2006-16.html
www.mozilla.org/security/announce/2006/mfsa2006-17.html
www.mozilla.org/security/announce/2006/mfsa2006-18.html
www.mozilla.org/security/announce/2006/mfsa2006-19.html
www.mozilla.org/security/announce/2006/mfsa2006-20.html
www.mozilla.org/security/announce/2006/mfsa2006-22.html
www.mozilla.org/security/announce/2006/mfsa2006-23.html
www.mozilla.org/security/announce/2006/mfsa2006-25.html
www.mozilla.org/security/announce/2006/mfsa2006-26.html
www.mozilla.org/security/announce/2006/mfsa2006-28.html
www.mozilla.org/security/announce/2006/mfsa2006-29.html
www.zerodayinitiative.com/advisories/ZDI-06-010.html