Home > Vulnerability Database > CVE-2006-1733

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2006-1733

Date: April 14, 2006

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Severity Score

5.6

Related Resources (60)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/25817

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

Url: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

Url: http://secunia.com/advisories/19811

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html

Url: http://secunia.com/advisories/19852

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-1733

Url: http://secunia.com/advisories/19780

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:075

Url: http://www.kb.cert.org/vuls/id/488774

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

Url: http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

Url: http://www.securityfocus.com/archive/1/434524/100/0/threaded

Url: http://www.debian.org/security/2006/dsa-1044

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

Url: http://www.debian.org/security/2006/dsa-1046

Url: http://secunia.com/advisories/19902

Url: http://www.securityfocus.com/archive/1/436296/100/0/threaded

Url: http://secunia.com/advisories/19823

Url: http://secunia.com/advisories/19746

Url: http://secunia.com/advisories/19941

Url: http://secunia.com/advisories/19821

Url: http://secunia.com/advisories/19862

Url: http://secunia.com/advisories/19863

Url: http://secunia.com/advisories/19794

Url: http://secunia.com/advisories/21622

Url: http://www.securityfocus.com/archive/1/436338/100/0/threaded

Url: http://secunia.com/advisories/20051

Url: http://www.securityfocus.com/bid/17516

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-1733

Url: http://www.vupen.com/english/advisories/2006/1356

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

Url: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

Url: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

Url: http://secunia.com/advisories/19714

Url: http://secunia.com/advisories/19759

Url: http://secunia.com/advisories/19631

Url: http://secunia.com/advisories/19950

Url: http://www.redhat.com/support/errata/RHSA-2006-0330.html

Url: http://www.novell.com/linux/security/advisories/2006_04_25.html

Url: http://www.securityfocus.com/archive/1/438730/100/0/threaded

Url: http://www.debian.org/security/2006/dsa-1051

Url: https://usn.ubuntu.com/276-1/

Url: http://secunia.com/advisories/21033

Url: http://www.redhat.com/support/errata/RHSA-2006-0328.html

Url: http://secunia.com/advisories/19729

Url: http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

Url: http://secunia.com/advisories/19721

Url: https://usn.ubuntu.com/271-1/

Url: http://www.redhat.com/support/errata/RHSA-2006-0329.html

Url: http://secunia.com/advisories/19696

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

Url: http://www.us-cert.gov/cas/techalerts/TA06-107A.html

Url: https://usn.ubuntu.com/275-1/

Url: https://www.mend.io/vulnerability-database/CVE-2006-1733

Severity Score

5.6

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us