NVD Vulnerability Detail

CVE-2006-2775

Summary	Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
Summary	Mozilla, Thunderbird versions are only vulnerable if you turn on JavaScript in mail. This vulnerability is addressed in the following product release: Mozilla, Firefox, 1.5.0.4 Mozilla, Thunderbird, 1.5.0.4
Publication Date	June 3, 2006, 3:02 a.m.
Registration Date	Jan. 29, 2021, 3:38 p.m.
Last Update	Oct. 19, 2018, 1:41 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	はい
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6::linux:::::
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.5.0.3
cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird::::::::		1.5.0.1

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/20376	SECUNIA	Vendor Advisory
2	http://secunia.com/advisories/20382	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/20561	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/20709	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/21176	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/21178	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/21183	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/21188	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/21210	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/21324	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/21532	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/21607	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/22065	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/22066	SECUNIA	Vendor Advisory
15	http://securitytracker.com/id?1016202	SECTRACK
16	http://securitytracker.com/id?1016214	SECTRACK
17	http://www.debian.org/security/2006/dsa-1118	DEBIAN
18	http://www.debian.org/security/2006/dsa-1120	DEBIAN
19	http://www.debian.org/security/2006/dsa-1134	DEBIAN
20	http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml	GENTOO
21	http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml	GENTOO
22	http://www.kb.cert.org/vuls/id/243153	CERT-VN	Patch US Government Resource
23	http://www.mandriva.com/security/advisories?name=MDKSA-2006:143	MANDRIVA
24	http://www.mandriva.com/security/advisories?name=MDKSA-2006:145	MANDRIVA
25	http://www.mandriva.com/security/advisories?name=MDKSA-2006:146	MANDRIVA
26	http://www.mozilla.org/security/announce/2006/mfsa2006-35.html	CONFIRM	Patch Vendor Advisory
27	http://www.novell.com/linux/security/advisories/2006_35_mozilla.html	SUSE
28	http://www.securityfocus.com/archive/1/435795/100/0/threaded	BUGTRAQ
29	http://www.securityfocus.com/archive/1/446657/100/200/threaded	HP
30	http://www.securityfocus.com/archive/1/446658/100/200/threaded	HP
31	http://www.securityfocus.com/bid/18228	BID
32	http://www.us-cert.gov/cas/techalerts/TA06-153A.html	CERT	Patch US Government Resource
33	http://www.vupen.com/english/advisories/2006/2106	VUPEN	Vendor Advisory
34	http://www.vupen.com/english/advisories/2006/3748	VUPEN	Vendor Advisory
35	http://www.vupen.com/english/advisories/2006/3749	VUPEN	Vendor Advisory
36	http://www.vupen.com/english/advisories/2008/0083	VUPEN	Vendor Advisory
37	https://exchange.xforce.ibmcloud.com/vulnerabilities/26846	XF
38	https://usn.ubuntu.com/296-1/	UBUNTU
39	https://usn.ubuntu.com/296-2/	UBUNTU
40	https://usn.ubuntu.com/297-1/	UBUNTU
41	https://usn.ubuntu.com/297-3/	UBUNTU
42	https://usn.ubuntu.com/323-1/	UBUNTU

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6::linux:::::
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.5.0.3
cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird::::::::		1.5.0.1