CVE-2006-2775

Properties

Published:
01.06.2006
Updated:
17.10.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird
Mozilla: Thunderbird

Vulnerability description

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

References:

MOZILLA: http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
CERT-VN: http://www.kb.cert.org/vuls/id/243153
CERT: http://www.us-cert.gov/cas/techalerts/TA06-153A.html