CVE-2006-1733

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite; Thunderbird; Seamonkey
Vendor: CVE Published:; 14 April 2006

Summary

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/archive/1/434524/100/0/threaded

vendor-advisoryx_refsource_HP

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006