Vulnerability Description
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 1.0 |
| Mozilla | Thunderbird | 1.0 |
References
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/20376
- http://secunia.com/advisories/20382
- http://secunia.com/advisories/20561
- http://secunia.com/advisories/20709
- http://secunia.com/advisories/21134
- http://secunia.com/advisories/21176
- http://secunia.com/advisories/21178
- http://secunia.com/advisories/21183
- http://secunia.com/advisories/21188
- http://secunia.com/advisories/21210
- http://secunia.com/advisories/21269
- http://secunia.com/advisories/21270
- http://secunia.com/advisories/21324
- http://secunia.com/advisories/21336
FAQ
What is CVE-2006-2787?
CVE-2006-2787 is a vulnerability with a CVSS score of 9.3 (HIGH). EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sand...
How severe is CVE-2006-2787?
CVE-2006-2787 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2787?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.