Remote Code Execution Vulnerability in Mozilla Products
CVE-2006-1735

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite; Thunderbird; Seamonkey
Vendor: CVE Published:; 14 April 2006

Summary

The vulnerability in Mozilla Firefox and related products occurs when an XBL method binding allows remote attackers to execute arbitrary code by leveraging an 'eval' method. This flaw can lead to the creation of JavaScript functions with excessive privileges, which may compromise the security of the affected systems, allowing unauthorized access and control.

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/archive/1/434524/100/0/threaded

vendor-advisoryx_refsource_HP

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006