CVE-2006-1733

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 do not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Details Source

Mitre

Public Date

2006-04-14 00:00:00

Impact

Critical

CVSS Status

draft

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 4 | RHSA-2006:0329 | 2006-04-18 |
| Red Hat Enterprise Linux 3 (mozilla) | RHSA-2006:0329 | 2006-04-18 |
| Red Hat Enterprise Linux 2.1 | RHSA-2006:0329 | 2006-04-18 |
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2006:0330 | 2006-04-21 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2006:0328 | 2006-04-14 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux version 4 | devhelp 0.9.2-2.4.8 | Fixed |
| Red Hat Enterprise Linux version 4 | mozilla 1.7.13-1.4.1 | Fixed |