CVE-2006-1727
First published: Fri Apr 14 2006(Updated: )
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Mozilla Suite | <1.7.13 | |
| Mozilla Thunderbird | >=1.0<1.0.8 | |
| Mozilla SeaMonkey | <1.0.1 | |
| Mozilla Firefox | >=1.5<1.5.0.2 | |
| Mozilla Firefox | >=1.0<1.0.8 | |
| Mozilla Thunderbird | >=1.5<1.5.0.2 | |
| Ubuntu | =4.10 | |
| Ubuntu | =5.04 | |
| Ubuntu | =5.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
- http://www.securityfocus.com/bid/17516
- http://securitytracker.com/id?1015926
- http://securitytracker.com/id?1015927
- http://securitytracker.com/id?1015928
- http://securitytracker.com/id?1015929
- http://secunia.com/advisories/19631
- http://secunia.com/advisories/19649
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19821
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19823
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19950
- http://secunia.com/advisories/19941
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19714
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://www.redhat.com/support/errata/RHSA-2006-0330.html
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://secunia.com/advisories/19696
- http://secunia.com/advisories/19729
- http://secunia.com/advisories/19780
- http://secunia.com/advisories/20051
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
- http://secunia.com/advisories/22065
- http://secunia.com/advisories/22066
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2006/3391
- http://www.vupen.com/english/advisories/2008/0083
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25824
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364
- https://usn.ubuntu.com/276-1/
- https://usn.ubuntu.com/275-1/
- https://usn.ubuntu.com/271-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-1727?
CVE-2006-1727 is classified as a moderate severity vulnerability that allows remote attackers to gain chrome privileges.
How do I fix CVE-2006-1727?
To fix CVE-2006-1727, you should update your Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version available.
Which versions are affected by CVE-2006-1727?
CVE-2006-1727 affects Mozilla Firefox versions before 1.5.0.2, Thunderbird versions before 1.5, Mozilla Suite versions before 1.7.13, and SeaMonkey versions before 1.0.1.
Can CVE-2006-1727 be exploited through web pages?
Yes, CVE-2006-1727 can be exploited via malicious web pages that utilize XBL scripts with the 'Print Preview' feature.
Is there a patch available for CVE-2006-1727?
Yes, patches for CVE-2006-1727 are included in the versions released after the vulnerable ones, specifically starting from Firefox 1.5.0.2 and onwards.
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla mozilla suite
- canonical/mozilla thunderbird
- version/mozilla thunderbird/1.0
- canonical/mozilla seamonkey
- canonical/mozilla firefox
- version/mozilla firefox/1.5
- version/mozilla firefox/1.0
- version/mozilla thunderbird/1.5
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/4.10
- version/ubuntu/5.04
- version/ubuntu/5.10