CVE-2006-1733 — MEDIUM (6.8)

Q: How severe is CVE-2006-1733?

CVE-2006-1733 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-1733?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Mozilla Thunderbird.

Vulnerability Description

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	<= 1.0.7
Mozilla	Mozilla Suite	<= 1.7.12
Mozilla	Seamonkey	<= 1.0
Mozilla	Thunderbird	<= 1.0.7

Related Weaknesses (CWE)

CWE-264

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascPatch
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
http://secunia.com/advisories/19631Vendor Advisory
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714Vendor Advisory
http://secunia.com/advisories/19721Vendor Advisory
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746Vendor Advisory
http://secunia.com/advisories/19759Vendor Advisory
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794Vendor Advisory
http://secunia.com/advisories/19811Vendor Advisory
http://secunia.com/advisories/19821Vendor Advisory
http://secunia.com/advisories/19823Vendor Advisory

FAQ

What is CVE-2006-1733?

CVE-2006-1733 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL ...

How severe is CVE-2006-1733?

CVE-2006-1733 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-1733?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Mozilla Thunderbird.