Lucene search

[email protected]NVD:CVE-2006-1735

HistoryApr 14, 2006 - 10:02 a.m.

CVE-2006-1735

2006-04-1410:02:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.975

Percentile

100.0%

JSON

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.

Affected configurations

Nvd

Node

mozillafirefoxRange≤1.0.7

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillamozilla_suiteRange≤1.7.12

mozillamozilla_suiteMatch1.7.6

mozillamozilla_suiteMatch1.7.7

mozillamozilla_suiteMatch1.7.8

mozillamozilla_suiteMatch1.7.10

mozillamozilla_suiteMatch1.7.11

mozillaseamonkeyRange≤1.0beta

mozillaseamonkeyMatch1.0alpha

mozillathunderbirdRange≤1.0.7

mozillathunderbirdMatch1.0

mozillathunderbirdMatch1.0.1

mozillathunderbirdMatch1.0.2

mozillathunderbirdMatch1.0.3

mozillathunderbirdMatch1.0.4

mozillathunderbirdMatch1.0.5

mozillathunderbirdMatch1.0.5beta

mozillathunderbirdMatch1.0.6

mozillathunderbirdMatch1.5

mozillathunderbirdMatch1.5beta2

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox1.0cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
mozillafirefox1.0.1cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
mozillafirefox1.0.2cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
mozillafirefox1.0.3cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
mozillafirefox1.0.4cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
mozillafirefox1.0.5cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
mozillafirefox1.0.6cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	1.0	cpe:2.3:a:mozilla:firefox:1.0:::::::*
mozilla	firefox	1.0.1	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
mozilla	firefox	1.0.2	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
mozilla	firefox	1.0.3	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
mozilla	firefox	1.0.4	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
mozilla	firefox	1.0.5	cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
mozilla	firefox	1.0.6	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:::::::*
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::

Rows per page:

1-10 of 301

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

secunia.com/advisories/19631

secunia.com/advisories/19696

secunia.com/advisories/19714

secunia.com/advisories/19721

secunia.com/advisories/19729

secunia.com/advisories/19746

secunia.com/advisories/19759

secunia.com/advisories/19780

secunia.com/advisories/19794

secunia.com/advisories/19811

secunia.com/advisories/19821

secunia.com/advisories/19823

secunia.com/advisories/19852

secunia.com/advisories/19862

secunia.com/advisories/19863

secunia.com/advisories/19902

secunia.com/advisories/19941

secunia.com/advisories/19950

secunia.com/advisories/20051

secunia.com/advisories/21033

secunia.com/advisories/21622

sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

support.avaya.com/elmodocs2/security/ASA-2006-205.htm

www.debian.org/security/2006/dsa-1044

www.debian.org/security/2006/dsa-1046

www.debian.org/security/2006/dsa-1051

www.gentoo.org/security/en/glsa/glsa-200604-12.xml

www.gentoo.org/security/en/glsa/glsa-200604-18.xml

www.gentoo.org/security/en/glsa/glsa-200605-09.xml

www.kb.cert.org/vuls/id/813230

www.mandriva.com/security/advisories?name=MDKSA-2006:075

www.mandriva.com/security/advisories?name=MDKSA-2006:076

www.mandriva.com/security/advisories?name=MDKSA-2006:078

www.mozilla.org/security/announce/2006/mfsa2006-14.html

www.novell.com/linux/security/advisories/2006_04_25.html

www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

www.redhat.com/support/errata/RHSA-2006-0328.html

www.redhat.com/support/errata/RHSA-2006-0329.html

www.redhat.com/support/errata/RHSA-2006-0330.html

www.securityfocus.com/archive/1/434524/100/0/threaded

www.securityfocus.com/archive/1/436296/100/0/threaded

www.securityfocus.com/archive/1/436338/100/0/threaded

www.securityfocus.com/archive/1/438730/100/0/threaded

www.securityfocus.com/bid/17516

www.us-cert.gov/cas/techalerts/TA06-107A.html

www.vupen.com/english/advisories/2006/1356

exchange.xforce.ibmcloud.com/vulnerabilities/25815

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930

usn.ubuntu.com/271-1/

usn.ubuntu.com/275-1/

usn.ubuntu.com/276-1/

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.975

Percentile

100.0%

JSON

Related for NVD:CVE-2006-1735

prion1 cve1 debiancve1 checkpoint_advisories1 cert2 ubuntucve1 mozilla1 cvelist1 securityvulns1 nessus34 openvas16 redhat3 centos4 suse3 ubuntu3 gentoo3 osv3 debian8 freebsd1