CVE-2006-2776

HIGH

Description

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

References

http://rhn.redhat.com/errata/RHSA-2006-0609.html

http://secunia.com/advisories/20376

http://secunia.com/advisories/20382

http://secunia.com/advisories/20561

http://secunia.com/advisories/20709

http://secunia.com/advisories/21134

http://secunia.com/advisories/21176

http://secunia.com/advisories/21178

http://secunia.com/advisories/21183

http://secunia.com/advisories/21188

http://secunia.com/advisories/21210

http://secunia.com/advisories/21269

http://secunia.com/advisories/21270

http://secunia.com/advisories/21324

http://secunia.com/advisories/21336

http://secunia.com/advisories/21532

http://secunia.com/advisories/21607

http://secunia.com/advisories/21631

http://secunia.com/advisories/22065

http://secunia.com/advisories/22066

http://secunia.com/advisories/24108

http://securitytracker.com/id?1016202

http://securitytracker.com/id?1016214

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1

http://www.debian.org/security/2006/dsa-1118

http://www.debian.org/security/2006/dsa-1120

http://www.debian.org/security/2006/dsa-1134

http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml

http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

http://www.kb.cert.org/vuls/id/575969

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

http://www.mozilla.org/security/announce/2006/mfsa2006-37.html

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

http://www.redhat.com/support/errata/RHSA-2006-0578.html

http://www.redhat.com/support/errata/RHSA-2006-0594.html

http://www.redhat.com/support/errata/RHSA-2006-0610.html

http://www.redhat.com/support/errata/RHSA-2006-0611.html

http://www.securityfocus.com/archive/1/435795/100/0/threaded

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/archive/1/446658/100/200/threaded

http://www.securityfocus.com/bid/18228

http://www.us-cert.gov/cas/techalerts/TA06-153A.html

http://www.vupen.com/english/advisories/2006/2106

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2007/0573

http://www.vupen.com/english/advisories/2008/0083

https://exchange.xforce.ibmcloud.com/vulnerabilities/26848

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9849

https://usn.ubuntu.com/296-1/

https://usn.ubuntu.com/296-2/

https://usn.ubuntu.com/297-1/

https://usn.ubuntu.com/297-3/

https://usn.ubuntu.com/323-1/

Details

Source: MITRE

Published: 2006-06-02

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67424 | Oracle Linux 4 : thunderbird (ELSA-2006-0735 / ELSA-2006-0677 / ELBA-2006-0624 / ELSA-2006-0611) | Nessus | Oracle Linux Local Security Checks | critical |
| 67422 | Oracle Linux 4 : firefox (ELSA-2006-0733 / ELSA-2006-0675 / ELSA-2006-0610) | Nessus | Oracle Linux Local Security Checks | critical |
| 27901 | Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-323-1) | Nessus | Ubuntu Local Security Checks | high |
| 27872 | Ubuntu 5.04 / 5.10 : mozilla-thunderbird vulnerabilities (USN-297-3) | Nessus | Ubuntu Local Security Checks | high |
| 27870 | Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1) | Nessus | Ubuntu Local Security Checks | high |
| 27869 | Ubuntu 5.04 / 5.10 : firefox, mozilla-firefox vulnerabilities (USN-296-2) | Nessus | Ubuntu Local Security Checks | high |
| 27868 | Ubuntu 6.06 LTS : firefox vulnerabilities (USN-296-1) | Nessus | Ubuntu Local Security Checks | high |
| 27124 | openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-1672) | Nessus | SuSE Local Security Checks | high |
| 27112 | openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-1585) | Nessus | SuSE Local Security Checks | high |
| 23894 | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146) | Nessus | Mandriva Local Security Checks | critical |
| 23892 | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1) | Nessus | Mandriva Local Security Checks | critical |
| 22676 | Debian DSA-1134-1 : mozilla-thunderbird - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22662 | Debian DSA-1120-1 : mozilla-firefox - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22660 | Debian DSA-1118-1 : mozilla - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 22291 | RHEL 2.1 : seamonkey (RHSA-2006:0594) | Nessus | Red Hat Local Security Checks | high |
| 22163 | CentOS 4 : seamonkey (CESA-2006:0609) | Nessus | CentOS Local Security Checks | high |
| 22150 | RHEL 4 : seamonkey (RHSA-2006:0609) | Nessus | Red Hat Local Security Checks | high |
| 22138 | CentOS 4 : thunderbird (CESA-2006:0611) | Nessus | CentOS Local Security Checks | high |
| 22137 | CentOS 4 : Firefox (CESA-2006:0610) | Nessus | CentOS Local Security Checks | high |
| 22122 | RHEL 4 : thunderbird (RHSA-2006:0611) | Nessus | Red Hat Local Security Checks | high |
| 22121 | RHEL 4 : firefox (RHSA-2006:0610) | Nessus | Red Hat Local Security Checks | high |
| 3695 | Mozilla Firefox 1.5.x < 1.5.0.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3694 | Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 22088 | RHEL 3 : seamonkey (RHSA-2006:0578) | Nessus | Red Hat Local Security Checks | high |
| 21734 | GLSA-200606-21 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 21705 | GLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 21629 | SeaMonkey < 1.0.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 21628 | Mozilla Thunderbird < 1.5.0.4 Multiple Vulnerabilities | Nessus | Windows | high |
| 21627 | Firefox < 1.5.0.4 Multiple Vulnerabilities | Nessus | Windows | high |
| 3638 | Thunderbird < 1.5.0.4 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | medium |
| 3637 | SeaMonkey < 1.0.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 3636 | Mozilla Firefox 1.5.x < 1.5.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 801227 | Mozilla Thunderbird < 1.5.0.5 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 800779 | Firefox < 1.5.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |