CVE-2006-2776

Severity

75%

Complexity

99%

Confidentiality

106%

This vulnerability is addressed in the following product releases: Mozilla, Firefox, 1.5.0.4 Mozilla, Thunderbird, 1.5.0.4

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

This vulnerability is addressed in the following product releases: Mozilla, Firefox, 1.5.0.4 Mozilla, Thunderbird, 1.5.0.4

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Mozilla

First reported 18 years ago

2006-06-02 18:02:00

Last updated 6 years ago

2018-10-18 16:41:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9 rc

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 0.10

0.10

Mozilla Firefox 0.10.1

0.10.1

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Thunderbird 0.1

0.1

Mozilla Thunderbird 0.2

0.2

Mozilla Thunderbird 0.3

0.3

Mozilla Thunderbird 0.4

0.4

Mozilla Thunderbird 0.5

0.5

Mozilla Thunderbird 0.6

0.6

Mozilla Thunderbird 0.7

0.7

Mozilla Thunderbird 0.7.1

0.7.1

Mozilla Thunderbird 0.7.2

0.7.2

Mozilla Thunderbird 0.7.3

0.7.3

Mozilla Thunderbird 0.8

0.8

Mozilla Thunderbird 0.9

0.9

Mozilla Thunderbird 1.0

1.0

Mozilla Thunderbird 1.0.2

1.0.2

Mozilla Thunderbird 1.0.5

1.0.5

Mozilla Thunderbird 1.0.6

1.0.6

Mozilla Thunderbird 1.0.7

1.0.7

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5 Beta 2

1.5

References

RHSA-2006:0609

20376

20382

20561

20709

21134

21176

21178

21183

21188

21210

21269

21270

21324

21336

21532

21607

21631

22065

22066

24108

1016202

1016214

102800

DSA-1118

DSA-1120

DSA-1134

GLSA-200606-12

GLSA-200606-21

VU#575969

Patch, US Government Resource

MDKSA-2006:143

MDKSA-2006:145

MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-37.html

Patch, Vendor Advisory

SUSE-SA:2006:035

RHSA-2006:0578

RHSA-2006:0594

RHSA-2006:0610

RHSA-2006:0611

20060602 rPSA-2006-0091-1 firefox thunderbird

SSRT061236

SSRT061181

18228

TA06-153A

US Government Resource

ADV-2006-2106

ADV-2006-3748

ADV-2006-3749

ADV-2007-0573

ADV-2008-0083

mozilla-contentdefined-code-execution(26848)

oval:org.mitre.oval:def:9849

USN-296-1

USN-296-2

USN-297-1

USN-297-3

USN-323-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.