CVE-2006-5747

HIGH

Description

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

References

ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

http://rhn.redhat.com/errata/RHSA-2006-0733.html

http://rhn.redhat.com/errata/RHSA-2006-0734.html

http://rhn.redhat.com/errata/RHSA-2006-0735.html

http://secunia.com/advisories/22066

http://secunia.com/advisories/22722

http://secunia.com/advisories/22727

http://secunia.com/advisories/22737

http://secunia.com/advisories/22763

http://secunia.com/advisories/22770

http://secunia.com/advisories/22774

http://secunia.com/advisories/22815

http://secunia.com/advisories/22817

http://secunia.com/advisories/22929

http://secunia.com/advisories/22965

http://secunia.com/advisories/22980

http://secunia.com/advisories/23009

http://secunia.com/advisories/23013

http://secunia.com/advisories/23263

http://secunia.com/advisories/23287

http://secunia.com/advisories/23297

http://secunia.com/advisories/24711

http://security.gentoo.org/glsa/glsa-200612-06.xml

http://security.gentoo.org/glsa/glsa-200612-07.xml

http://security.gentoo.org/glsa/glsa-200612-08.xml

http://securitytracker.com/id?1017177

http://securitytracker.com/id?1017178

http://securitytracker.com/id?1017179

http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

http://www.kb.cert.org/vuls/id/815432

http://www.mandriva.com/security/advisories?name=MDKSA-2006:205

http://www.mandriva.com/security/advisories?name=MDKSA-2006:206

http://www.mozilla.org/security/announce/2006/mfsa2006-65.html

http://www.novell.com/linux/security/advisories/2006_68_mozilla.html

http://www.securityfocus.com/archive/1/451099/100/0/threaded

http://www.securityfocus.com/bid/20957

http://www.ubuntu.com/usn/usn-381-1

http://www.ubuntu.com/usn/usn-382-1

http://www.us-cert.gov/cas/techalerts/TA06-312A.html

http://www.vupen.com/english/advisories/2006/3748

http://www.vupen.com/english/advisories/2006/4387

http://www.vupen.com/english/advisories/2007/1198

http://www.vupen.com/english/advisories/2008/0083

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

https://bugzilla.mozilla.org/show_bug.cgi?id=355569

https://exchange.xforce.ibmcloud.com/vulnerabilities/30093

https://issues.rpath.com/browse/RPL-765

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496

Details

Source: MITRE

Published: 2006-11-08

Updated: 2018-10-17

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH