Description Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVSS vector AV:N/AC:M/C:C/I:C/A:C Exploitability: 8.6 | Impact: 10.0 Affected Packages5 packages
🔴 Vulnerability Details3 GHSA GHSA-r677-35c3-7hmg: Mozilla Firefox and Thunderbird 1 ↗ 2022-05-03 ▶ OSV CVE-2006-1735: Mozilla Firefox and Thunderbird 1 ↗ 2006-04-14 ▶ CVEList CVE-2006-1735: Mozilla Firefox and Thunderbird 1 ↗ 2006-04-14 ▶
📋 Vendor Advisories5 Ubuntu Thunderbird vulnerabilities ↗ 2006-05-03 ▶ Ubuntu Mozilla vulnerabilities ↗ 2006-04-28 ▶ Ubuntu Firefox vulnerabilities ↗ 2006-04-20 ▶ Debian CVE-2006-1735: firefox - Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla S... ↗ 2006 ▶
💬 Community7 Bugzilla CVE-2006-1735 security flaw ↗ 2018-08-16 ▶ Bugzilla CVE-2006-1735 Privilege escalation via XBL.method.eval ↗ 2006-04-13 ▶ Bugzilla CVE-2006-1735 Privilege escalation via XBL.method.eval ↗ 2006-04-13 ▶ Bugzilla CVE-2006-1735 Privilege escalation via XBL.method.eval ↗ 2006-04-13 ▶ Bugzilla CVE-2006-1735 Privilege escalation via XBL.method.eval ↗ 2006-04-13 ▶ Show 2 more