CVE-2006-2777

Severity

75%

Complexity

99%

Confidentiality

106%

This vulnerability is addressed in the following product releases: Mozilla, Firefox, 1.5.0.4 Mozilla, SeaMonkey, 1.0.2

Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.

This vulnerability is addressed in the following product releases: Mozilla, Firefox, 1.5.0.4 Mozilla, SeaMonkey, 1.0.2

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 19 years ago

2006-06-02 18:02:00

Last updated 6 years ago

2018-10-18 16:42:00

Affected Software

Mozilla Firefox 0.8

0.8

Mozilla Firefox 0.9

0.9

Mozilla Firefox 0.9 rc

0.9

Mozilla Firefox 0.9.1

0.9.1

Mozilla Firefox 0.9.2

0.9.2

Mozilla Firefox 0.9.3

0.9.3

Mozilla Firefox 0.10

0.10

Mozilla Firefox 0.10.1

0.10.1

Mozilla Firefox 1.0

1.0

Mozilla Firefox 1.0.1

1.0.1

Mozilla Firefox 1.0.2

1.0.2

Mozilla Firefox 1.0.3

1.0.3

Mozilla Firefox 1.0.4

1.0.4

Mozilla Firefox 1.0.5

1.0.5

Mozilla Firefox 1.0.6

1.0.6

Mozilla Firefox 1.0.7

1.0.7

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox

References

20376

20394

20561

21176

21178

21183

21188

21324

21532

22066

1016202

102763

DSA-1118

DSA-1120

DSA-1134

GLSA-200606-12

VU#237257

Patch, US Government Resource

MDKSA-2006:143

MDKSA-2006:145

http://www.mozilla.org/security/announce/2006/mfsa2006-43.html

Patch, Vendor Advisory

SUSE-SA:2006:035

20060602 rPSA-2006-0091-1 firefox thunderbird

SSRT061181

18228

TA06-153A

US Government Resource

ADV-2006-2106

ADV-2006-3748

ADV-2007-0058

ADV-2008-0083

mozilla-nsiselectionprivate-code-execution(26853)

USN-296-1

USN-296-2

USN-323-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.