cbcvebase.
CVE-2006-2787
published 2006-06-02

CVE-2006-2787: EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on…

PriorityP333critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
2.75%
84.4th percentile
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
debianfirefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)firefox 1.5.dfsg+1.5.0.4-1 (sid)
debianthunderbird< firefox 1.5.dfsg+1.5.0.4-1 (sid)firefox 1.5.dfsg+1.5.0.4-1 (sid)
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillafirefox
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird
mozillathunderbird>= 0 < 1.5.0.4-11.5.0.4-1
mozillathunderbird>= 0 < 1.5.0.4-11.5.0.4-1
mozillathunderbird>= 0 < 1.5.0.4-11.5.0.4-1

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3MEDIUM
vendor_redhat9.3CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.