NVD Vulnerability Detail

CVE-2006-1733

Summary	Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Summary	This vulnerability also affects Mozilla, SeaMonkey, 1.0 and Mozilla, Suite, 1.7.13 This vulnerabiloity is addressed in the following product releases: Mozilla, Firefox, 1.5 Mozilla, Firefox, 1.0.8 Mozilla, Thunderbird, 1.5 Mozilla, Thunderbird, 1.0.8 Mozilla, SeaMonkey, 1.0 Mozilla, Suite, 1.7.13
Publication Date	April 14, 2006, 7:02 p.m.
Registration Date	Jan. 29, 2021, 3:35 p.m.
Last Update	Oct. 19, 2018, 1:35 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.0.7
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
cpe:2.3:a:mozilla:mozilla_suite::::::::		1.7.12
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey::beta::::::*		1.0
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt	SCO
2	ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc	SGI	Patch
3	http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html	SUSE
4	http://secunia.com/advisories/19631	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/19696	SECUNIA
6	http://secunia.com/advisories/19714	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/19721	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/19729	SECUNIA
9	http://secunia.com/advisories/19746	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/19759	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/19780	SECUNIA
12	http://secunia.com/advisories/19794	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/19811	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/19821	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/19823	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/19852	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/19862	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/19863	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/19902	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/19941	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/19950	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/20051	SECUNIA
23	http://secunia.com/advisories/21033	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/21622	SECUNIA	Vendor Advisory
25	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1	SUNALERT
26	http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1	SUNALERT
27	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm	CONFIRM
28	http://www.debian.org/security/2006/dsa-1044	DEBIAN
29	http://www.debian.org/security/2006/dsa-1046	DEBIAN
30	http://www.debian.org/security/2006/dsa-1051	DEBIAN
31	http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml	GENTOO
32	http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml	GENTOO
33	http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml	GENTOO
34	http://www.kb.cert.org/vuls/id/488774	CERT-VN	US Government Resource
35	http://www.mandriva.com/security/advisories?name=MDKSA-2006:075	MANDRIVA
36	http://www.mandriva.com/security/advisories?name=MDKSA-2006:076	MANDRIVA
37	http://www.mandriva.com/security/advisories?name=MDKSA-2006:078	MANDRIVA
38	http://www.mozilla.org/security/announce/2006/mfsa2006-16.html	CONFIRM	Patch Vendor Advisory
39	http://www.novell.com/linux/security/advisories/2006_04_25.html	SUSE
40	http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html	FEDORA
41	http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html	FEDORA
42	http://www.redhat.com/support/errata/RHSA-2006-0328.html	REDHAT
43	http://www.redhat.com/support/errata/RHSA-2006-0329.html	REDHAT
44	http://www.redhat.com/support/errata/RHSA-2006-0330.html	REDHAT
45	http://www.securityfocus.com/archive/1/434524/100/0/threaded	HP
46	http://www.securityfocus.com/archive/1/436296/100/0/threaded	FEDORA
47	http://www.securityfocus.com/archive/1/436338/100/0/threaded	FEDORA
48	http://www.securityfocus.com/archive/1/438730/100/0/threaded	HP
49	http://www.securityfocus.com/bid/17516	BID
50	http://www.us-cert.gov/cas/techalerts/TA06-107A.html	CERT	US Government Resource
51	http://www.vupen.com/english/advisories/2006/1356	VUPEN
52	https://exchange.xforce.ibmcloud.com/vulnerabilities/25817	XF
53	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815	OVAL
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020	OVAL
55	https://usn.ubuntu.com/271-1/	UBUNTU
56	https://usn.ubuntu.com/275-1/	UBUNTU
57	https://usn.ubuntu.com/276-1/	UBUNTU

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.0.7
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
cpe:2.3:a:mozilla:mozilla_suite::::::::		1.7.12
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey::beta::::::*		1.0
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::