6.8
CVE-2006-1733
- EPSS 24.27%
- Published 14.04.2006 10:02:00
- Last modified 03.04.2025 01:03:51
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Data is provided by the National Vulnerability Database (NVD)
Mozilla ≫ Mozilla Suite Version <= 1.7.12
Mozilla ≫ Mozilla Suite Version1.7.6
Mozilla ≫ Mozilla Suite Version1.7.7
Mozilla ≫ Mozilla Suite Version1.7.8
Mozilla ≫ Mozilla Suite Version1.7.10
Mozilla ≫ Mozilla Suite Version1.7.11
Mozilla ≫ Thunderbird Version <= 1.0.7
Mozilla ≫ Thunderbird Version1.0
Mozilla ≫ Thunderbird Version1.0.1
Mozilla ≫ Thunderbird Version1.0.2
Mozilla ≫ Thunderbird Version1.0.3
Mozilla ≫ Thunderbird Version1.0.4
Mozilla ≫ Thunderbird Version1.0.5
Mozilla ≫ Thunderbird Version1.0.5 Updatebeta
Mozilla ≫ Thunderbird Version1.0.6
Mozilla ≫ Thunderbird Version1.5
Mozilla ≫ Thunderbird Version1.5 Updatebeta2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 24.27% | 0.956 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|