CVE-2006-1726 — Firefox vulnerability

CWE-2644 documents4 sources

Severity

9.3CRITICALNVD

EPSS

9.7%

top 7.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +2 more

Timeline

PublishedApr 14

Latest updateMay 1

Description

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.2-1 (sid)

▶NVDmozilla/firefox11 versions+10

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.2-1 (sid)

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶NVDmozilla/seamonkey1.0

Patches

Patch: www.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-7p29-2p26-qhwg: Unspecified vulnerability in Firefox and Thunderbird 1↗2022-05-01

▶

OSV

CVE-2006-1726: Unspecified vulnerability in Firefox and Thunderbird 1↗2006-04-14

▶

📋Vendor Advisories

Debian

CVE-2006-1726: firefox - Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and Sea...↗2006

▶