Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1044-1 | New Mozilla Firefox packages fix several vulnerabilities |
![]() |
DSA-1046-1 | New Mozilla packages fix several vulnerabilities |
![]() |
DSA-1051-1 | New Mozilla Thunderbird packages fix several vulnerabilities |
![]() |
USN-271-1 | Firefox vulnerabilities |
![]() |
USN-275-1 | Mozilla vulnerabilities |
![]() |
USN-276-1 | Thunderbird vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T17:19:49.542Z
Reserved: 2006-04-12T00:00:00
Link: CVE-2006-1733

No data.

Status : Deferred
Published: 2006-04-14T10:02:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2006-1733


No data.