CVE-2006-2775

Severity

75%

Complexity

99%

Confidentiality

106%

Mozilla, Thunderbird versions are only vulnerable if you turn on JavaScript in mail. This vulnerability is addressed in the following product release: Mozilla, Firefox, 1.5.0.4 Mozilla, Thunderbird, 1.5.0.4

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

Mozilla, Thunderbird versions are only vulnerable if you turn on JavaScript in mail. This vulnerability is addressed in the following product release: Mozilla, Firefox, 1.5.0.4 Mozilla, Thunderbird, 1.5.0.4

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 18 years ago

2006-06-02 18:02:00

Last updated 6 years ago

2018-10-18 16:41:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9 rc

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 0.10

0.10

Mozilla Firefox 0.10.1

0.10.1

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox

Mozilla Thunderbird 0.1

0.1

Mozilla Thunderbird 0.2

0.2

Mozilla Thunderbird 0.3

0.3

Mozilla Thunderbird 0.4

0.4

Mozilla Thunderbird 0.5

0.5

Mozilla Thunderbird 0.6

0.6

Mozilla Thunderbird 0.7

0.7

Mozilla Thunderbird 0.7.1

0.7.1

Mozilla Thunderbird 0.7.2

0.7.2

Mozilla Thunderbird 0.7.3

0.7.3

Mozilla Thunderbird 0.8

0.8

Mozilla Thunderbird 0.9

0.9

Mozilla Thunderbird 1.0

1.0

Mozilla Thunderbird 1.0.2

1.0.2

Mozilla Thunderbird 1.0.5

1.0.5

Mozilla Thunderbird 1.0.6

1.0.6

Mozilla Thunderbird 1.0.7

1.0.7

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5 Beta 2

1.5

Mozilla Thunderbird

References

20376

Vendor Advisory

20382

Vendor Advisory

20561

Vendor Advisory

20709

Vendor Advisory

21176

Vendor Advisory

21178

Vendor Advisory

21183

Vendor Advisory

21188

Vendor Advisory

21210

Vendor Advisory

21324

Vendor Advisory

21532

Vendor Advisory

21607

Vendor Advisory

22065

Vendor Advisory

22066

Vendor Advisory

1016202

1016214

DSA-1118

DSA-1120

DSA-1134

GLSA-200606-12

GLSA-200606-21

VU#243153

Patch, US Government Resource

MDKSA-2006:143

MDKSA-2006:145

MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-35.html

Patch, Vendor Advisory

SUSE-SA:2006:035

20060602 rPSA-2006-0091-1 firefox thunderbird

SSRT061236

SSRT061181

18228

TA06-153A

Patch, US Government Resource

ADV-2006-2106

Vendor Advisory

ADV-2006-3748

Vendor Advisory

ADV-2006-3749

Vendor Advisory

ADV-2008-0083

Vendor Advisory

mozilla-xul-code-execution(26846)

USN-296-1

USN-296-2

USN-297-1

USN-297-3

USN-323-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.