Vulnerability Description
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.5.0.3 |
| Mozilla | Thunderbird | <= 1.5.0.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20376Vendor Advisory
- http://secunia.com/advisories/20382Vendor Advisory
- http://secunia.com/advisories/20561Vendor Advisory
- http://secunia.com/advisories/20709Vendor Advisory
- http://secunia.com/advisories/21176Vendor Advisory
- http://secunia.com/advisories/21178Vendor Advisory
- http://secunia.com/advisories/21183Vendor Advisory
- http://secunia.com/advisories/21188Vendor Advisory
- http://secunia.com/advisories/21210Vendor Advisory
- http://secunia.com/advisories/21324Vendor Advisory
- http://secunia.com/advisories/21532Vendor Advisory
- http://secunia.com/advisories/21607Vendor Advisory
- http://secunia.com/advisories/22065Vendor Advisory
- http://secunia.com/advisories/22066Vendor Advisory
- http://securitytracker.com/id?1016202
FAQ
What is CVE-2006-2775?
CVE-2006-2775 is a vulnerability with a CVSS score of 7.5 (HIGH). Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causin...
How severe is CVE-2006-2775?
CVE-2006-2775 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2775?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.