Oval Definition:oval:org.mitre.oval:def:10815
Revision Date:2013-04-29Version:11
Title:Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Description:Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-1733
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • mozilla-js-debugger is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-chat is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-mail is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-dom-inspector is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-devel is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-nss is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-nss-devel is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-nspr is earlier than 37:1.7.13-1.1.3.1
  • OR mozilla-nspr-devel is earlier than 37:1.7.13-1.1.3.1
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • mozilla-js-debugger is earlier than 37:1.7.13-1.4.1
  • OR devhelp-devel is earlier than 0:0.9.2-2.4.8
  • OR mozilla is earlier than 37:1.7.13-1.4.1
  • OR thunderbird is earlier than 0:1.0.8-1.4.1
  • OR mozilla-chat is earlier than 37:1.7.13-1.4.1
  • OR mozilla-mail is earlier than 37:1.7.13-1.4.1
  • OR mozilla-dom-inspector is earlier than 37:1.7.13-1.4.1
  • OR devhelp is earlier than 0:0.9.2-2.4.8
  • OR mozilla-nss is earlier than 37:1.7.13-1.4.1
  • OR mozilla-devel is earlier than 37:1.7.13-1.4.1
  • OR mozilla-nss-devel is earlier than 37:1.7.13-1.4.1
  • OR firefox is earlier than 0:1.0.8-1.4.1
  • OR mozilla-nspr is earlier than 37:1.7.13-1.4.1
  • OR mozilla-nspr-devel is earlier than 37:1.7.13-1.4.1
    • BACK