CVE-2006-2787

Properties

Published: 01.06.2006
Updated: 21.08.2010
Patch available:
Severity: High
CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Product:
mozilla: thunderbird
mozilla: firefox

Vulnerability description

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created outside of the sandbox.

References:

XF: http://xforce.iss.net/xforce/xfdb/26842
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-323-1
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-297-3
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-297-1
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-296-2
UBUNTU: http://www.ubuntulinux.org/support/documentation/usn/usn-296-1
BID: http://www.securityfocus.com/bid/18228
HP: http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
HP: http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded
REDHAT: http://www.redhat.com/support/errata/RHSA-2006-0611.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2006-0610.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2006-0594.html
REDHAT: http://www.redhat.com/support/errata/RHSA-2006-0578.html
SUSE: http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
CONFIRM: http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
VUPEN: http://www.frsirt.com/english/advisories/2006/3749
VUPEN: http://www.frsirt.com/english/advisories/2006/3748
VUPEN: http://www.frsirt.com/english/advisories/2006/2106
DEBIAN: http://www.debian.org/security/2006/dsa-1134
DEBIAN: http://www.debian.org/security/2006/dsa-1120
DEBIAN: http://www.debian.org/security/2006/dsa-1118
SECTRACK: http://securitytracker.com/id?1016214
SECTRACK: http://securitytracker.com/id?1016202
SECUNIA: http://secunia.com/advisories/21631
SECUNIA: http://secunia.com/advisories/21607
SECUNIA: http://secunia.com/advisories/21532
SECUNIA: http://secunia.com/advisories/21336
SECUNIA: http://secunia.com/advisories/21324
SECUNIA: http://secunia.com/advisories/21270
SECUNIA: http://secunia.com/advisories/21269
SECUNIA: http://secunia.com/advisories/21210
SECUNIA: http://secunia.com/advisories/21188
SECUNIA: http://secunia.com/advisories/21183
SECUNIA: http://secunia.com/advisories/21178
SECUNIA: http://secunia.com/advisories/21176
SECUNIA: http://secunia.com/advisories/21134
SECUNIA: http://secunia.com/advisories/20709
SECUNIA: http://secunia.com/advisories/20561
SECUNIA: http://secunia.com/advisories/20382
SECUNIA: http://secunia.com/advisories/20376
REDHAT: http://rhn.redhat.com/errata/RHSA-2006-0609.html
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9491
VUPEN: http://www.frsirt.com/english/advisories/2008/0083
SECUNIA: http://secunia.com/advisories/22066
SECUNIA: http://secunia.com/advisories/22065