CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.8%
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8,
Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly
protect the compilation scope of privileged built-in XBL bindings, which
allows remote attackers to execute arbitrary code via the (1) valueOf.call
or (2) valueOf.apply methods of an XBL binding, or (3) “by inserting an XBL
method into the DOM’s document.body prototype chain.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 | UNKNOWN |
ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.06 | UNKNOWN |
ubuntu | 6.10 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.7.04 | UNKNOWN |