CVE-2006-1727

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

http://secunia.com/advisories/19631

http://secunia.com/advisories/19649

http://secunia.com/advisories/19696

http://secunia.com/advisories/19714

http://secunia.com/advisories/19721

http://secunia.com/advisories/19729

http://secunia.com/advisories/19746

http://secunia.com/advisories/19759

http://secunia.com/advisories/19780

http://secunia.com/advisories/19811

http://secunia.com/advisories/19821

http://secunia.com/advisories/19823

http://secunia.com/advisories/19852

http://secunia.com/advisories/19862

http://secunia.com/advisories/19863

http://secunia.com/advisories/19902

http://secunia.com/advisories/19941

http://secunia.com/advisories/19950

http://secunia.com/advisories/20051

http://secunia.com/advisories/21033

http://secunia.com/advisories/21622

http://secunia.com/advisories/22065

http://secunia.com/advisories/22066

http://securitytracker.com/id?1015926

http://securitytracker.com/id?1015927

http://securitytracker.com/id?1015928

http://securitytracker.com/id?1015929

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

http://www.debian.org/security/2006/dsa-1044

http://www.debian.org/security/2006/dsa-1046

http://www.debian.org/security/2006/dsa-1051

http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml

http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2006:076

http://www.mandriva.com/security/advisories?name=MDKSA-2006:078

http://www.mozilla.org/security/announce/2006/mfsa2006-25.html

http://www.novell.com/linux/security/advisories/2006_04_25.html

http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

http://www.redhat.com/support/errata/RHSA-2006-0328.html

http://www.redhat.com/support/errata/RHSA-2006-0329.html

http://www.redhat.com/support/errata/RHSA-2006-0330.html

http://www.securityfocus.com/archive/1/436296/100/0/threaded

http://www.securityfocus.com/archive/1/436338/100/0/threaded

http://www.securityfocus.com/archive/1/438730/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/archive/1/446658/100/200/threaded

http://www.securityfocus.com/bid/17516

http://www.vupen.com/english/advisories/2006/1356

http://www.vupen.com/english/advisories/2006/3391

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2008/0083

https://exchange.xforce.ibmcloud.com/vulnerabilities/25824

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649

https://usn.ubuntu.com/271-1/

https://usn.ubuntu.com/275-1/

https://usn.ubuntu.com/276-1/

Details

Source: MITRE

Published: 2006-04-14

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
29744Firefox < 1.0.8 Multiple VulnerabilitiesNessusWindows
high
24403Solaris 9 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
24395Solaris 8 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
23773Solaris 9 (x86) : 120672-08NessusSolaris Local Security Checks
critical
23772Solaris 8 (x86) : 120672-08NessusSolaris Local Security Checks
critical
22987Solaris 10 (x86) : 119116-35 (deprecated)NessusSolaris Local Security Checks
critical
22954Solaris 10 (sparc) : 119115-36 (deprecated)NessusSolaris Local Security Checks
critical
22593Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilitiesNessusDebian Local Security Checks
critical
22588Debian DSA-1046-1 : mozilla - several vulnerabilitiesNessusDebian Local Security Checks
critical
22586Debian DSA-1044-1 : mozilla-firefox - several vulnerabilitiesNessusDebian Local Security Checks
critical
21994CentOS 4 : thunderbird (CESA-2006:0330)NessusCentOS Local Security Checks
critical
21993CentOS 4 : firefox (CESA-2006:0328)NessusCentOS Local Security Checks
critical
21898CentOS 3 / 4 : mozilla (CESA-2006:0329)NessusCentOS Local Security Checks
critical
21461FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9)NessusFreeBSD Local Security Checks
critical
21351GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
21321Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1)NessusUbuntu Local Security Checks
critical
21315GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
21301Ubuntu 4.10 / 5.04 / 5.10 : mozilla vulnerabilities (USN-275-1)NessusUbuntu Local Security Checks
critical
21288RHEL 4 : thunderbird (RHSA-2006:0330)NessusRed Hat Local Security Checks
critical
21284Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078)NessusMandriva Local Security Checks
critical
21277GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
21270Ubuntu 4.10 / 5.04 / 5.10 : mozilla-firefox, firefox vulnerabilities (USN-271-1)NessusUbuntu Local Security Checks
critical
21257RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0329)NessusRed Hat Local Security Checks
critical
21251Fedora Core 5 : firefox-1.5.0.2-1.1.fc5 (2006-411)NessusFedora Local Security Checks
critical
21250Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410)NessusFedora Local Security Checks
critical
21232RHEL 4 : firefox (RHSA-2006:0328)NessusRed Hat Local Security Checks
critical
21226SeaMonkey < 1.0.1 Multiple VulnerabilitiesNessusWindows
high
21225Firefox < 1.5.0.2 Multiple VulnerabilitiesNessusWindows
high
3516SeaMonkey < 1.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3514Mozilla Firefox < 1.7.13 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3513Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3512Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
801357Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801226Mozilla Browser < 1.7.13 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801220Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high