CVE-2006-1733

2006-04-1400:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.97

Percentile

99.8%

JSON

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8,
Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly
protect the compilation scope of privileged built-in XBL bindings, which
allows remote attackers to execute arbitrary code via the (1) valueOf.call
or (2) valueOf.apply methods of an XBL binding, or (3) “by inserting an XBL
method into the DOM’s document.body prototype chain.”

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN
ubuntu6.06noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.6.06UNKNOWN
ubuntu6.10noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.7.04UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN
ubuntu	6.06	noarch	mozilla-thunderbird	< 1.5.0.13-0ubuntu0.6.06	UNKNOWN
ubuntu	6.10	noarch	mozilla-thunderbird	< 1.5.0.13-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	mozilla-thunderbird	< 1.5.0.13-0ubuntu0.7.04	UNKNOWN