Vulnerability Name: CVE-2006-2775 (CCN-26846)
Assigned: 2006-06-01
Published: 2006-06-01
Updated: 2018-10-18
Summary: Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. Mozilla, Thunderbird versions are only vulnerable if you turn on JavaScript in mail.
This vulnerability is addressed in the following product releases:
Mozilla, Firefox, 1.5.0.4
Mozilla, Thunderbird, 1.5.0.4

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access

References:
Source: MITRE; Type: CNA; CVE-2006-2775
Source: CCN; Type: SA20376; Firefox Multiple Vulnerabilities
Source: SECUNIA; Type: Vendor Advisory; 20376
Source: CCN; Type: SA20382; Thunderbird Multiple Vulnerabilities
Source: SECUNIA; Type: Vendor Advisory; 20382
Source: SECUNIA; Type: Vendor Advisory; 20561
Source: SECUNIA; Type: Vendor Advisory; 20709
Source: SECUNIA; Type: Vendor Advisory; 21176
Source: SECUNIA; Type: Vendor Advisory; 21178
Source: SECUNIA; Type: Vendor Advisory; 21183
Source: SECUNIA; Type: Vendor Advisory; 21188
Source: SECUNIA; Type: Vendor Advisory; 21210
Source: SECUNIA; Type: Vendor Advisory; 21324
Source: SECUNIA; Type: Vendor Advisory; 21532
Source: SECUNIA; Type: Vendor Advisory; 21607
Source: SECUNIA; Type: Vendor Advisory; 22065
Source: SECUNIA; Type: Vendor Advisory; 22066
Source: CCN; Type: SECTRACK ID: 1016202; Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling
Source: SECTRACK; Type: UNKNOWN; 1016202
Source: CCN; Type: SECTRACK ID: 1016214; Mozilla Thunderbird Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling
Source: SECTRACK; Type: UNKNOWN; 1016214
Source: CCN; Type: ASA-2006-259; HP-UX Firefox Vulnerabilities
Source: CCN; Type: ASA-2007-097; HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
Source: CCN; Type: ASA-2007-135; HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156)
Source: DEBIAN; Type: UNKNOWN; DSA-1118
Source: DEBIAN; Type: UNKNOWN; DSA-1120
Source: DEBIAN; Type: UNKNOWN; DSA-1134
Source: DEBIAN; Type: DSA-1118; mozilla -- several vulnerabilities
Source: DEBIAN; Type: DSA-1120; mozilla-firefox -- several vulnerabilities
Source: DEBIAN; Type: DSA-1134; mozilla-thunderbird -- several vulnerabilities
Source: CCN; Type: GLSA-200606-12; Mozilla Firefox: Multiple vulnerabilities
Source: GENTOO; Type: UNKNOWN; GLSA-200606-12
Source: CCN; Type: GLSA-200606-21; Mozilla Thunderbird: Multiple vulnerabilities
Source: GENTOO; Type: UNKNOWN; GLSA-200606-21
Source: CCN; Type: GLSA-200703-05; Mozilla Suite: Multiple vulnerabilities
Source: CCN; Type: US-CERT VU#243153; Mozilla may associate persisted XUL attributes with an incorrect URL
Source: CERT-VN; Type: Patch, US Government Resource; VU#243153
Source: MANDRIVA; Type: UNKNOWN; MDKSA-2006:143
Source: MANDRIVA; Type: UNKNOWN; MDKSA-2006:145
Source: MANDRIVA; Type: UNKNOWN; MDKSA-2006:146
Source: CCN; Type: MFSA 2006-35; Privilege escalation through XUL persist.
Source: CONFIRM; Type: Patch, Vendor Advisory; http://www.mozilla.org/security/announce/2006/mfsa2006-35.html
Source: SUSE; Type: UNKNOWN; SUSE-SA:2006:035
Source: CCN; Type: OSVDB ID: 26298; Mozilla Multiple Products Persistent XUL Attribute Privilege Escalation
Source: BUGTRAQ; Type: UNKNOWN; 20060602 rPSA-2006-0091-1 firefox thunderbird
Source: HP; Type: UNKNOWN; SSRT061236
Source: HP; Type: UNKNOWN; SSRT061181
Source: BID; Type: UNKNOWN; 18228
Source: CCN; Type: BID-18228; Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
Source: CCN; Type: USN-296-1; Firefox vulnerabilities
Source: CCN; Type: USN-296-2; Firefox vulnerabilities
Source: CCN; Type: USN-297-1; Thunderbird vulnerabilities
Source: CCN; Type: USN-297-2; Thunderbird extensions update for recent security update
Source: CCN; Type: USN-297-3; Thunderbird vulnerabilities
Source: CCN; Type: USN-323-1; Mozilla vulnerabilities
Source: CERT; Type: Patch, US Government Resource; TA06-153A
Source: VUPEN; Type: Vendor Advisory; ADV-2006-2106
Source: VUPEN; Type: Vendor Advisory; ADV-2006-3748
Source: VUPEN; Type: Vendor Advisory; ADV-2006-3749
Source: VUPEN; Type: Vendor Advisory; ADV-2008-0083
Source: XF; Type: UNKNOWN; mozilla-xul-code-execution(26846)
Source: UBUNTU; Type: UNKNOWN; USN-296-1
Source: UBUNTU; Type: UNKNOWN; USN-296-2
Source: UBUNTU; Type: UNKNOWN; USN-297-1
Source: UBUNTU; Type: UNKNOWN; USN-297-3
Source: UBUNTU; Type: UNKNOWN; USN-323-1
Source: SUSE; Type: SUSE-SA:2006:035; Mozilla browser security problems

Vulnerable Configuration:

Configuration 1:
cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.5.0.3)
OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:*:*:*:*:*:*:*:* (Version <= 1.5.0.1)

Configuration CCN 1:
cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
AND
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

mozilla firefox 0.8
mozilla firefox 0.9
mozilla firefox 0.9 rc
mozilla firefox 0.9.1
mozilla firefox 0.9.2
mozilla firefox 0.9.3
mozilla firefox 0.10
mozilla firefox 0.10.1
mozilla firefox 1.0
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla firefox 1.0.3
mozilla firefox 1.0.4
mozilla firefox 1.0.5
mozilla firefox 1.0.6
mozilla firefox 1.0.6
mozilla firefox 1.0.7
mozilla firefox 1.5
mozilla firefox 1.5 beta1
mozilla firefox 1.5 beta2
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla firefox *
mozilla thunderbird 0.1
mozilla thunderbird 0.2
mozilla thunderbird 0.3
mozilla thunderbird 0.4
mozilla thunderbird 0.5
mozilla thunderbird 0.6
mozilla thunderbird 0.7
mozilla thunderbird 0.7.1
mozilla thunderbird 0.7.2
mozilla thunderbird 0.7.3
mozilla thunderbird 0.8
mozilla thunderbird 0.9
mozilla thunderbird 1.0
mozilla thunderbird 1.0.1
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.3
mozilla thunderbird 1.0.4
mozilla thunderbird 1.0.5
mozilla thunderbird 1.0.5 beta
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla thunderbird *
mozilla firefox 0.8
mozilla firefox 0.9 rc
mozilla firefox 0.9.2
mozilla firefox 0.9.1
mozilla firefox 0.9.3
mozilla firefox 0.10.1
mozilla thunderbird 0.8
mozilla firefox 1.0
mozilla thunderbird 1.0.1
mozilla firefox 1.0.1
mozilla firefox 1.0.2
mozilla firefox 1.0.3
mozilla firefox 1.0.4
mozilla firefox 1.0.6
mozilla firefox 1.5 beta1
mozilla firefox 1.0.7
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla firefox 1.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla thunderbird 1.5.0.1
mozilla firefox 0.10
mozilla firefox 0.9
mozilla firefox 1.0.5
mozilla firefox 1.5.0.1
mozilla firefox 1.5 beta2
mozilla thunderbird 0.1
mozilla thunderbird 0.2
mozilla thunderbird 0.3
mozilla thunderbird 0.4
mozilla thunderbird 0.5
mozilla thunderbird 0.6
mozilla thunderbird 0.7
mozilla thunderbird 0.7.1
mozilla thunderbird 0.7.2
mozilla thunderbird 0.7.3
mozilla thunderbird 0.9
mozilla thunderbird 1.0
mozilla thunderbird 1.0.3
mozilla thunderbird 1.0.4
mozilla thunderbird 1.0.5
mozilla thunderbird 1.0.5 beta
gentoo linux *
mandrakesoft mandrake linux corporate server 3.0
debian debian linux 3.1
mandrakesoft mandrake linux 2006
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux corporate server 3.0