Code Execution Flaw in Mozilla Firefox and Thunderbird Products
CVE-2006-1733

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite; Thunderbird; Seamonkey
Vendor: CVE Published:; 14 April 2006

Summary

A vulnerability exists in Mozilla Firefox, Thunderbird, Mozilla Suite, and SeaMonkey that fails to adequately safeguard the compilation scope of privileged built-in XBL bindings. This flaw allows attackers to execute arbitrary code by utilizing certain methods associated with XBL bindings. Specifically, the exploitation can occur through the 'valueOf.call' or 'valueOf.apply' methods, or by embedding an XBL method within the prototype chain of the DOM's document.body, leading to potential exploitation and unauthorized access.

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/archive/1/434524/100/0/threaded

vendor-advisoryx_refsource_HP

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006