CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.8%
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) “by inserting an XBL method into the DOM’s document.body prototype chain.”
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
mozilla | firefox | 1.0 | cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.1 | cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.2 | cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.3 | cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.4 | cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.5 | cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.0.6 | cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:* |
mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* |
mozilla | firefox | 1.5 | cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* |
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
secunia.com/advisories/19631
secunia.com/advisories/19696
secunia.com/advisories/19714
secunia.com/advisories/19721
secunia.com/advisories/19729
secunia.com/advisories/19746
secunia.com/advisories/19759
secunia.com/advisories/19780
secunia.com/advisories/19794
secunia.com/advisories/19811
secunia.com/advisories/19821
secunia.com/advisories/19823
secunia.com/advisories/19852
secunia.com/advisories/19862
secunia.com/advisories/19863
secunia.com/advisories/19902
secunia.com/advisories/19941
secunia.com/advisories/19950
secunia.com/advisories/20051
secunia.com/advisories/21033
secunia.com/advisories/21622
sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
support.avaya.com/elmodocs2/security/ASA-2006-205.htm
www.debian.org/security/2006/dsa-1044
www.debian.org/security/2006/dsa-1046
www.debian.org/security/2006/dsa-1051
www.gentoo.org/security/en/glsa/glsa-200604-12.xml
www.gentoo.org/security/en/glsa/glsa-200604-18.xml
www.gentoo.org/security/en/glsa/glsa-200605-09.xml
www.kb.cert.org/vuls/id/488774
www.mandriva.com/security/advisories?name=MDKSA-2006:075
www.mandriva.com/security/advisories?name=MDKSA-2006:076
www.mandriva.com/security/advisories?name=MDKSA-2006:078
www.mozilla.org/security/announce/2006/mfsa2006-16.html
www.novell.com/linux/security/advisories/2006_04_25.html
www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
www.redhat.com/support/errata/RHSA-2006-0328.html
www.redhat.com/support/errata/RHSA-2006-0329.html
www.redhat.com/support/errata/RHSA-2006-0330.html
www.securityfocus.com/archive/1/434524/100/0/threaded
www.securityfocus.com/archive/1/436296/100/0/threaded
www.securityfocus.com/archive/1/436338/100/0/threaded
www.securityfocus.com/archive/1/438730/100/0/threaded
www.securityfocus.com/bid/17516
www.us-cert.gov/cas/techalerts/TA06-107A.html
www.vupen.com/english/advisories/2006/1356
exchange.xforce.ibmcloud.com/vulnerabilities/25817
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
usn.ubuntu.com/271-1/
usn.ubuntu.com/275-1/
usn.ubuntu.com/276-1/