CVE-2006-2777
published 2006-06-02CVE-2006-2777: Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
6.03%
92.5th percentile
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg+1.5.0.4-1 (sid) | firefox 1.5.dfsg+1.5.0.4-1 (sid) |
| mozilla | firefox | <= 1.5.0.3 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 1.0 | — |
| mozilla | seamonkey | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
mozilla vulnerabilities
vendor_ubuntu·2006-07-26·CVSS 4.3
CVE-2006-2775 [MEDIUM] mozilla vulnerabilities
Title: mozilla vulnerabilities
Summary: mozilla vulnerabilities
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,
CVE-2006-2777)
Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
f
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2006-07-25·CVSS 4.3
CVE-2006-2775 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox vulnerabilities
USN-296-1 fixed several vulnerabilities in Firefox for the Ubuntu 6.06
LTS release. This update provides the corresponding fixes for Ubuntu
5.04 and Ubuntu 5.10.
For reference, these are the details of the original USN:
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
at
Ubuntu
firefox vulnerabilities
vendor_ubuntu·2006-06-09·CVSS 7.5
CVE-2006-2775 [HIGH] firefox vulnerabilities
Title: firefox vulnerabilities
Summary: firefox vulnerabilities
Jonas Sicking discovered that under some circumstances persisted XUL
attributes are associated with the wrong URL. A malicious web site
could exploit this to execute arbitrary code with the privileges of
the user. (MFSA 2006-35, CVE-2006-2775)
Paul Nickerson discovered that content-defined setters on an object
prototype were getting called by privileged UI code. It was
demonstrated that this could be exploited to run arbitrary web script
with full user privileges (MFSA 2006-37, CVE-2006-2776). A similar
attack was discovered by moz_bug_r_a4 that leveraged SelectionObject
notifications that were called in privileged context. (MFSA 2006-43,
CVE-2006-2777)
Mikolaj Habryn discovered a buffer overflow in the crypto.signText()
f
Debian
CVE-2006-2777: firefox - Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before...
vendor_debian·2006·CVSS 7.5
CVE-2006-2777 [HIGH] CVE-2006-2777: firefox - Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before...
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.4-1)
GHSA
GHSA-5w8p-847h-44hj: Unspecified vulnerability in Mozilla Firefox before 1
ghsa_unreviewed·2022-05-01
CVE-2006-2777 [HIGH] GHSA-5w8p-847h-44hj: Unspecified vulnerability in Mozilla Firefox before 1
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-2777 Seamonkey Privilege escalation using addSelectionListener
bugzilla·2006-07-14·CVSS 7.5
CVE-2006-2777 [HIGH] CVE-2006-2777 Seamonkey Privilege escalation using addSelectionListener
CVE-2006-2777 Seamonkey Privilege escalation using addSelectionListener
http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
The upstream advisory describes a way to execute javascript at a privileged level.
This bug exists because while this fix exists upstream and should be fixed via
Firefox 1.5.0.4 and Seamonkey 1.0.2, it is not on s390x.
This bug is the placeholder so we can figure out what's wrong.
Discussion:
Hm, still looks like a problem on s390x, but there're the latest packages there:
.qa.[root@s390x-4as ~]# rpm -q firefox
firefox-1.5.0.8-0.1.el4.s390x
.qa.[root@s390x-4as ~]# rpm -q seamonkey
seamonkey-1.0.6-0.1.el4.s390x
---
This still isn't fixed
# rpm -q seamonkey
seamonkey-1.0.9-0.3.el3.s390x
---
Chris,
Can we get someone to look at this? I fear it's th
Bugzilla
CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
bugzilla·2006-07-12·CVSS 7.5
CVE-2006-2783 [HIGH] CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
+++ This bug was initially created as a clone of Bug #196971 +++
These issues will remain unfixed in Mozilla until Seamonkey is released. They
are not additional issues, simply problems which are fixed as part of the upgrade.
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Mozilla processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware.
CVE-2006-2783 MFSA
Bugzilla
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
bugzilla·2006-06-28·CVSS 7.5
CVE-2006-2779 [HIGH] CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2779 multiple Thunderbird issues (CVE-2006-2780, CVE-2006-2781, CVE-2006-2783,CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
+++ This bug was initially created as a clone of Bug #196973 +++
These issues will remain unfixed in Thunderbird until we upgrade to Thunderbird
1.5. They are not additional issues, simply problems which are fixed as part of
the upgrade.
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Thunderbird processes certain javascript
actions. A malicious HTML mail could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the mail to steal
sensiti
Bugzilla
CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
bugzilla·2006-06-27·CVSS 7.5
CVE-2006-2783 [HIGH] CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
+++ This bug was initially created as a clone of Bug #196969 +++
These issues will remain unfixed in Mozilla until Seamonkey is released. They
are not additional issues, simply problems which are fixed as part of the upgrade.
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Mozilla processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware.
CVE-2006-2783 MFSA
Bugzilla
CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
bugzilla·2006-06-27·CVSS 7.5
CVE-2006-2783 [HIGH] CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Mozilla processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware.
CVE-2006-2783 MFSA 2006-42
A cross site scripting flaw was found in the way Mozilla processes Unicode
Byte-order-Mark (BOM) markers in UTF-8 web pages. A malicious web page
could execute a script within the browser that a web input sanitizer could
Bugzilla
CVE-2006-2783 multiple Firefox issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
bugzilla·2006-06-27·CVSS 7.5
CVE-2006-2783 [HIGH] CVE-2006-2783 multiple Firefox issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
CVE-2006-2783 multiple Firefox issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788)
These issues will remain unfixed in Firefox until we upgrade to Firefox 1.5.
They are not additional issues, simply problems which are fixed as part of the
upgrade.
CVE-2006-2777 MFSA 2006-43
CVE-2006-2776 MFSA 2006-37
CVE-2006-2784 MFSA 2006-36
CVE-2006-2785 MFSA 2006-34
CVE-2006-2787 MFSA 2006-31
Several flaws were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware.
CVE-2006-2783 MFSA 2006-42
A cross site scripting flaw was found in the way Firefox
Bugzilla
CVE-2006-2777 (seamonkey): remote arbitrary code execution vulnerability
bugzilla·2006-06-03·CVSS 7.5
CVE-2006-2777 [HIGH] CVE-2006-2777 (seamonkey): remote arbitrary code execution vulnerability
CVE-2006-2777 (seamonkey): remote arbitrary code execution vulnerability
Remote arbitrary code execution vulnerability in seamonkey < 1.0.2:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2777
Discussion:
released 1.0.2 rpm, fixed
http://secunia.com/advisories/20376http://secunia.com/advisories/20394http://secunia.com/advisories/20561http://secunia.com/advisories/21176http://secunia.com/advisories/21178http://secunia.com/advisories/21183http://secunia.com/advisories/21188http://secunia.com/advisories/21324http://secunia.com/advisories/21532http://secunia.com/advisories/22066http://securitytracker.com/id?1016202http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1http://www.debian.org/security/2006/dsa-1118http://www.debian.org/security/2006/dsa-1120http://www.debian.org/security/2006/dsa-1134http://www.gentoo.org/security/en/glsa/glsa-200606-12.xmlhttp://www.kb.cert.org/vuls/id/237257http://www.mandriva.com/security/advisories?name=MDKSA-2006:143http://www.mandriva.com/security/advisories?name=MDKSA-2006:145http://www.mozilla.org/security/announce/2006/mfsa2006-43.htmlhttp://www.novell.com/linux/security/advisories/2006_35_mozilla.htmlhttp://www.securityfocus.com/archive/1/435795/100/0/threadedhttp://www.securityfocus.com/archive/1/446658/100/200/threadedhttp://www.securityfocus.com/bid/18228http://www.us-cert.gov/cas/techalerts/TA06-153A.htmlhttp://www.vupen.com/english/advisories/2006/2106http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2007/0058http://www.vupen.com/english/advisories/2008/0083https://exchange.xforce.ibmcloud.com/vulnerabilities/26853https://usn.ubuntu.com/296-1/https://usn.ubuntu.com/296-2/https://usn.ubuntu.com/323-1/http://secunia.com/advisories/20376http://secunia.com/advisories/20394http://secunia.com/advisories/20561http://secunia.com/advisories/21176http://secunia.com/advisories/21178http://secunia.com/advisories/21183http://secunia.com/advisories/21188http://secunia.com/advisories/21324http://secunia.com/advisories/21532http://secunia.com/advisories/22066http://securitytracker.com/id?1016202http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1http://www.debian.org/security/2006/dsa-1118http://www.debian.org/security/2006/dsa-1120http://www.debian.org/security/2006/dsa-1134http://www.gentoo.org/security/en/glsa/glsa-200606-12.xmlhttp://www.kb.cert.org/vuls/id/237257http://www.mandriva.com/security/advisories?name=MDKSA-2006:143http://www.mandriva.com/security/advisories?name=MDKSA-2006:145http://www.mozilla.org/security/announce/2006/mfsa2006-43.htmlhttp://www.novell.com/linux/security/advisories/2006_35_mozilla.htmlhttp://www.securityfocus.com/archive/1/435795/100/0/threadedhttp://www.securityfocus.com/archive/1/446658/100/200/threadedhttp://www.securityfocus.com/bid/18228http://www.us-cert.gov/cas/techalerts/TA06-153A.htmlhttp://www.vupen.com/english/advisories/2006/2106http://www.vupen.com/english/advisories/2006/3748http://www.vupen.com/english/advisories/2007/0058http://www.vupen.com/english/advisories/2008/0083https://exchange.xforce.ibmcloud.com/vulnerabilities/26853https://usn.ubuntu.com/296-1/https://usn.ubuntu.com/296-2/https://usn.ubuntu.com/323-1/
2006-06-02
Published