Vulnerability Name: | CVE-2006-2777 (CCN-26853) |
Assigned: | 2006-06-01 |
Published: | 2006-06-01 |
Updated: | 2018-10-18 |
Summary: | Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. This vulnerability is addressed in the following product releases:
Mozilla, Firefox, 1.5.0.4
Mozilla, SeaMonkey, 1.0.2
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
| 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2006-2777
Source: CCN Type: SA20376 Firefox Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 20376
Source: CCN Type: SA20394 SeaMonkey VCard Double-Free and "addSelectionListener" Vulnerabilities
Source: SECUNIA Type: UNKNOWN 20394
Source: SECUNIA Type: UNKNOWN 20561
Source: SECUNIA Type: UNKNOWN 21176
Source: SECUNIA Type: UNKNOWN 21178
Source: SECUNIA Type: UNKNOWN 21183
Source: SECUNIA Type: UNKNOWN 21188
Source: SECUNIA Type: UNKNOWN 21324
Source: SECUNIA Type: UNKNOWN 21532
Source: SECUNIA Type: UNKNOWN 22066
Source: CCN Type: SECTRACK ID: 1016202 Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling
Source: SECTRACK Type: UNKNOWN 1016202
Source: SUNALERT Type: UNKNOWN 102763
Source: CCN Type: Sun Alert ID: 200630 Multiple Security Vulnerabilites in Mozilla 1.7 for Solaris 8, 9, and 10
Source: CCN Type: ASA-2006-259 HP-UX Firefox Vulnerabilities
Source: CCN Type: ASA-2007-026 Multiple Security Vulnerabilities in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102763)
Source: CCN Type: ASA-2007-097 HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
Source: DEBIAN Type: UNKNOWN DSA-1118
Source: DEBIAN Type: UNKNOWN DSA-1120
Source: DEBIAN Type: UNKNOWN DSA-1134
Source: DEBIAN Type: DSA-1118 mozilla -- several vulnerabilities
Source: DEBIAN Type: DSA-1120 mozilla-firefox -- several vulnerabilities
Source: DEBIAN Type: DSA-1134 mozilla-thunderbird -- several vulnerabilities
Source: CCN Type: GLSA-200606-12 Mozilla Firefox: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200606-12
Source: CCN Type: GLSA-200703-05 Mozilla Suite: Multiple vulnerabilities
Source: CCN Type: US-CERT VU#237257 Mozilla privilege escalation using addSelectionListener
Source: CERT-VN Type: Patch, US Government Resource VU#237257
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:143
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:145
Source: CCN Type: MFSA 2006-43 Privilege escalation using addSelectionListener
Source: CONFIRM Type: Patch, Vendor Advisory http://www.mozilla.org/security/announce/2006/mfsa2006-43.html
Source: SUSE Type: UNKNOWN SUSE-SA:2006:035
Source: CCN Type: OSVDB ID: 26315 Mozilla Multiple Products addSelectionListener Privilege Escalation
Source: BUGTRAQ Type: UNKNOWN 20060602 rPSA-2006-0091-1 firefox thunderbird
Source: HP Type: UNKNOWN SSRT061181
Source: BID Type: UNKNOWN 18228
Source: CCN Type: BID-18228 Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
Source: CCN Type: USN-296-1 Firefox vulnerabilities
Source: CCN Type: USN-296-2 Firefox vulnerabilities
Source: CCN Type: USN-323-1 Mozilla vulnerabilities
Source: CERT Type: US Government Resource TA06-153A
Source: VUPEN Type: UNKNOWN ADV-2006-2106
Source: VUPEN Type: UNKNOWN ADV-2006-3748
Source: VUPEN Type: UNKNOWN ADV-2007-0058
Source: VUPEN Type: UNKNOWN ADV-2008-0083
Source: XF Type: UNKNOWN mozilla-nsiselectionprivate-code-execution(26853)
Source: UBUNTU Type: UNKNOWN USN-296-1
Source: UBUNTU Type: UNKNOWN USN-296-2
Source: UBUNTU Type: UNKNOWN USN-323-1
Source: SUSE Type: SUSE-SA:2006:035 Mozilla browser security problems
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.5.0.3)
OR cpe:/a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
OR cpe:/a:mozilla:seamonkey:*:beta:*:*:*:*:*:* (Version <= 1.0)
Configuration CCN 1:
cpe:/a:mozilla:firefox:0.8:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.10:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:0.9:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:*
OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:*
AND
cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
|