NVD脆弱性詳細

CVE-2006-1733

概要	Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
概要	This vulnerability also affects Mozilla, SeaMonkey, 1.0 and Mozilla, Suite, 1.7.13 This vulnerabiloity is addressed in the following product releases: Mozilla, Firefox, 1.5 Mozilla, Firefox, 1.0.8 Mozilla, Thunderbird, 1.5 Mozilla, Thunderbird, 1.0.8 Mozilla, SeaMonkey, 1.0 Mozilla, Suite, 1.7.13
公表日	2006年4月14日19:02
登録日	2021年1月29日15:35
最終更新日	2018年10月19日1:35

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.0.7
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
cpe:2.3:a:mozilla:mozilla_suite::::::::		1.7.12
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey::beta::::::*		1.0
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::

関連情報、対策とツール

No	URL	refsource	タグ
1	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt	SCO
2	ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc	SGI	Patch
3	http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html	SUSE
4	http://secunia.com/advisories/19631	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/19696	SECUNIA
6	http://secunia.com/advisories/19714	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/19721	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/19729	SECUNIA
9	http://secunia.com/advisories/19746	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/19759	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/19780	SECUNIA
12	http://secunia.com/advisories/19794	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/19811	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/19821	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/19823	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/19852	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/19862	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/19863	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/19902	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/19941	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/19950	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/20051	SECUNIA
23	http://secunia.com/advisories/21033	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/21622	SECUNIA	Vendor Advisory
25	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1	SUNALERT
26	http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1	SUNALERT
27	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm	CONFIRM
28	http://www.debian.org/security/2006/dsa-1044	DEBIAN
29	http://www.debian.org/security/2006/dsa-1046	DEBIAN
30	http://www.debian.org/security/2006/dsa-1051	DEBIAN
31	http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml	GENTOO
32	http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml	GENTOO
33	http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml	GENTOO
34	http://www.kb.cert.org/vuls/id/488774	CERT-VN	US Government Resource
35	http://www.mandriva.com/security/advisories?name=MDKSA-2006:075	MANDRIVA
36	http://www.mandriva.com/security/advisories?name=MDKSA-2006:076	MANDRIVA
37	http://www.mandriva.com/security/advisories?name=MDKSA-2006:078	MANDRIVA
38	http://www.mozilla.org/security/announce/2006/mfsa2006-16.html	CONFIRM	Patch Vendor Advisory
39	http://www.novell.com/linux/security/advisories/2006_04_25.html	SUSE
40	http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html	FEDORA
41	http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html	FEDORA
42	http://www.redhat.com/support/errata/RHSA-2006-0328.html	REDHAT
43	http://www.redhat.com/support/errata/RHSA-2006-0329.html	REDHAT
44	http://www.redhat.com/support/errata/RHSA-2006-0330.html	REDHAT
45	http://www.securityfocus.com/archive/1/434524/100/0/threaded	HP
46	http://www.securityfocus.com/archive/1/436296/100/0/threaded	FEDORA
47	http://www.securityfocus.com/archive/1/436338/100/0/threaded	FEDORA
48	http://www.securityfocus.com/archive/1/438730/100/0/threaded	HP
49	http://www.securityfocus.com/bid/17516	BID
50	http://www.us-cert.gov/cas/techalerts/TA06-107A.html	CERT	US Government Resource
51	http://www.vupen.com/english/advisories/2006/1356	VUPEN
52	https://exchange.xforce.ibmcloud.com/vulnerabilities/25817	XF
53	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815	OVAL
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020	OVAL
55	https://usn.ubuntu.com/271-1/	UBUNTU
56	https://usn.ubuntu.com/275-1/	UBUNTU
57	https://usn.ubuntu.com/276-1/	UBUNTU

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.0.7
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:::::::*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:::::::*
cpe:2.3:a:mozilla:mozilla_suite::::::::		1.7.12
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey::beta::::::*		1.0
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::