CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.8%
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) “by inserting an XBL method into the DOM’s document.body prototype chain.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 1.5.dfsg+1.5.0.2-2 | firefox_1.5.dfsg+1.5.0.2-2_all.deb |
Debian | 12 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
Debian | 11 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
Debian | 999 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
Debian | 13 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |