CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.7%
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows
remote attackers to gain privileges via javascript that calls the valueOf
method on objects that were created outside of the sandbox.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 | UNKNOWN |
ubuntu | 6.06 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.06 | UNKNOWN |
ubuntu | 6.10 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.6.10 | UNKNOWN |
ubuntu | 7.04 | noarch | mozilla-thunderbird | < 1.5.0.13-0ubuntu0.7.04 | UNKNOWN |
ubuntu | 6.10 | noarch | xulrunner | < 1.8.0.5-4.2 | UNKNOWN |
ubuntu | 7.04 | noarch | xulrunner | < 1.8.0.5-4.2 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2006-2787
nvd.nist.gov/vuln/detail/CVE-2006-2787
security-tracker.debian.org/tracker/CVE-2006-2787
ubuntu.com/security/notices/USN-296-1
ubuntu.com/security/notices/USN-296-2
ubuntu.com/security/notices/USN-297-1
ubuntu.com/security/notices/USN-297-3
ubuntu.com/security/notices/USN-323-1
www.cve.org/CVERecord?id=CVE-2006-2787