Vulnerability Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.0.7 |
| Mozilla | Mozilla Suite | <= 1.7.12 |
| Mozilla | Seamonkey | <= 1.0 |
| Mozilla | Thunderbird | <= 1.0.7 |
Related Weaknesses (CWE)
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
- ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19631
- http://secunia.com/advisories/19696
- http://secunia.com/advisories/19714Vendor Advisory
- http://secunia.com/advisories/19721Vendor Advisory
- http://secunia.com/advisories/19729
- http://secunia.com/advisories/19746Vendor Advisory
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19780
- http://secunia.com/advisories/19794
- http://secunia.com/advisories/19811Vendor Advisory
- http://secunia.com/advisories/19821
- http://secunia.com/advisories/19823Vendor Advisory
FAQ
What is CVE-2006-1735?
CVE-2006-1735 is a vulnerability with a CVSS score of 9.3 (HIGH). Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XB...
How severe is CVE-2006-1735?
CVE-2006-1735 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1735?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Mozilla Thunderbird.