CVE-2006-2775 — Firefox vulnerability

CWE-2649 documents5 sources

Severity

7.5HIGHNVD

EPSS

7.9%

top 7.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +1 more

Timeline

PublishedJun 2

Latest updateMay 1

Description

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶Debianmozilla/thunderbird< 1.5.0.4-1+3

▶NVDmozilla/thunderbird1.5.0.1+21

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.4-1 (sid)

▶NVDmozilla/firefox1.5.0.3+18

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)

Patches

Patch: www.kb.cert.org ↗Patch: www.mozilla.org ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-vvv2-hwwj-rm5q: Mozilla Firefox and Thunderbird before 1↗2022-05-01

▶

OSV

CVE-2006-2775: Mozilla Firefox and Thunderbird before 1↗2006-06-02

▶

📋Vendor Advisories

Ubuntu

mozilla vulnerabilities↗2006-07-26

▶

Ubuntu

Thunderbird vulnerabilities↗2006-07-26

▶

Ubuntu

Firefox vulnerabilities↗2006-07-25

▶

Ubuntu

Thunderbird vulnerabilities↗2006-06-14

▶

Ubuntu

firefox vulnerabilities↗2006-06-09

▶