CVE-2006-1733

CWE-264 | 16 documents | 8 sources
Severity: 6.8 MEDIUM
EPSS: 24.3% (top 3.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 14, latest update May 3

Description

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 do not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (5 packages)

NVD | mozilla/firefox | 1.0.7 | +8
NVD | mozilla/thunderbird | 1.0.7 | +8
NVD | mozilla/mozilla_suite | 1.7.12 | +5
Debian | thunderbird | < 1.5.0.2-1 | +3

Vulnerability Details (3)

GHSA | GHSA-qc6m-vfp3-h4f4: Mozilla Firefox and Thunderbird 1 | 2022-05-03
CVEList | CVE-2006-1733: Mozilla Firefox and Thunderbird 1 | 2006-04-14
OSV | CVE-2006-1733: Mozilla Firefox and Thunderbird 1 | 2006-04-14

Vendor Advisories (5)

Ubuntu | Thunderbird vulnerabilities | 2006-05-03
Ubuntu | Mozilla vulnerabilities | 2006-04-28
Ubuntu | Firefox vulnerabilities | 2006-04-20
Red Hat | security flaw | 2006-04-14
Debian | CVE-2006-1733: firefox - Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla S... | 2006

Community (7)

Bugzilla | CVE-2006-1733 security flaw | 2018-08-16
Bugzilla | CVE-2006-1733 Accessing XBL compilation scope via valueOf.call() | 2006-04-13
Bugzilla | CVE-2006-1733 Accessing XBL compilation scope via valueOf.call() | 2006-04-13
Bugzilla | CVE-2006-1733 Accessing XBL compilation scope via valueOf.call() | 2006-04-13
Bugzilla | CVE-2006-1733 Accessing XBL compilation scope via valueOf.call() | 2006-04-13
CVE-2006-1733 (MEDIUM CVSS 6.8) | Mozilla Firefox and Thunderbird 1.x | cvebase.io