Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.debian.org/security/2006/dsa-1044
http://www.debian.org/security/2006/dsa-1046
http://www.debian.org/security/2006/dsa-1051
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
http://www.kb.cert.org/vuls/id/813230
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://www.securityfocus.com/archive/1/434524/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/bid/17516
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
http://www.vupen.com/english/advisories/2006/1356
https://exchange.xforce.ibmcloud.com/vulnerabilities/25815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930
OR
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 1.0.7 (inclusive)
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* versions up to 1.7.12 (inclusive)
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:* versions up to 1.0 (inclusive)
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 1.0.7 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
29744 | Firefox < 1.0.8 Multiple Vulnerabilities | Nessus | Windows | high |
24403 | Solaris 9 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
24395 | Solaris 8 (sparc) : 120671-08 | Nessus | Solaris Local Security Checks | critical |
23773 | Solaris 9 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
23772 | Solaris 8 (x86) : 120672-08 | Nessus | Solaris Local Security Checks | critical |
22987 | Solaris 10 (x86) : 119116-35 (deprecated) | Nessus | Solaris Local Security Checks | critical |
22954 | Solaris 10 (sparc) : 119115-36 (deprecated) | Nessus | Solaris Local Security Checks | critical |
22593 | Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
22588 | Debian DSA-1046-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
22586 | Debian DSA-1044-1 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
21994 | CentOS 4 : thunderbird (CESA-2006:0330) | Nessus | CentOS Local Security Checks | critical |
21993 | CentOS 4 : firefox (CESA-2006:0328) | Nessus | CentOS Local Security Checks | critical |
21898 | CentOS 3 / 4 : mozilla (CESA-2006:0329) | Nessus | CentOS Local Security Checks | critical |
21461 | FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9) | Nessus | FreeBSD Local Security Checks | critical |
21351 | GLSA-200605-09 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
21321 | Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-276-1) | Nessus | Ubuntu Local Security Checks | critical |
21315 | GLSA-200604-18 : Mozilla Suite: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
21301 | Ubuntu 4.10 / 5.04 / 5.10 : mozilla vulnerabilities (USN-275-1) | Nessus | Ubuntu Local Security Checks | critical |
21288 | RHEL 4 : thunderbird (RHSA-2006:0330) | Nessus | Red Hat Local Security Checks | critical |
21284 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:078) | Nessus | Mandriva Local Security Checks | critical |
21282 | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075) | Nessus | Mandriva Local Security Checks | critical |
21277 | GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
21270 | Ubuntu 4.10 / 5.04 / 5.10 : mozilla-firefox, firefox vulnerabilities (USN-271-1) | Nessus | Ubuntu Local Security Checks | critical |
21257 | RHEL 2.1 / 3 / 4 : mozilla (RHSA-2006:0329) | Nessus | Red Hat Local Security Checks | critical |
21251 | Fedora Core 5 : firefox-1.5.0.2-1.1.fc5 (2006-411) | Nessus | Fedora Local Security Checks | critical |
21250 | Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410) | Nessus | Fedora Local Security Checks | critical |
21232 | RHEL 4 : firefox (RHSA-2006:0328) | Nessus | Red Hat Local Security Checks | critical |
21226 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus | Windows | high |
20863 | SeaMonkey < 1.0 Multiple Vulnerabilities | Nessus | Windows | high |
3516 | SeaMonkey < 1.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3514 | Mozilla Firefox < 1.7.13 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
3513 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
3512 | Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
801357 | Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
801226 | Mozilla Browser < 1.7.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
801220 | Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |