CVE-2006-1726high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.
References
http://secunia.com/advisories/19631
http://secunia.com/advisories/19649
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://securitytracker.com/id?1015931
http://securitytracker.com/id?1015932
http://securitytracker.com/id?1015933
http://www.kb.cert.org/vuls/id/968814
http://www.mozilla.org/security/announce/2006/mfsa2006-28.html
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/446657/100/200/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/17516
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/25825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1968
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:preview_release:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 24403 | Solaris 9 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
| 24395 | Solaris 8 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
| 23773 | Solaris 9 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
| 23772 | Solaris 8 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
| 22987 | Solaris 10 (x86) : 119116-35 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 22954 | Solaris 10 (sparc) : 119115-36 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 22588 | Debian DSA-1046-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 21461 | FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | critical |
| 21226 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus | Windows | high |
| 21225 | Firefox < 1.5.0.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 3516 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3514 | Mozilla Firefox < 1.7.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3513 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 3512 | Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 801357 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801226 | Mozilla Browser < 1.7.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801220 | Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |