CVE-2006-1734
First published: Fri Apr 14 2006(Updated: )
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Mozilla Suite | <=1.7.12 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Mozilla Suite | =1.7.10 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Mozilla Suite | =1.7.8 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Thunderbird | =1.0.1 | |
| Mozilla Thunderbird | =1.5-beta2 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla Thunderbird | =1.0.2 | |
| Mozilla Mozilla Suite | =1.7.11 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Thunderbird | =1.5 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Thunderbird | =1.0.4 | |
| Mozilla Thunderbird | =1.0.3 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Thunderbird | =1.0.6 | |
| Mozilla Thunderbird | =1.0.5-beta | |
| Mozilla Mozilla Suite | =1.7.7 | |
| Mozilla Firefox | <=1.0.7 | |
| Mozilla Mozilla Suite | =1.7.6 | |
| Mozilla SeaMonkey | <=1.0 | |
| Mozilla Thunderbird | <=1.0.7 | |
| Mozilla Thunderbird | =1.0.5 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
- http://www.kb.cert.org/vuls/id/842094
- http://www.securityfocus.com/bid/17516
- http://secunia.com/advisories/19631
- http://www.us-cert.gov/cas/techalerts/TA06-107A.html
- http://www.debian.org/security/2006/dsa-1044
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19794
- http://secunia.com/advisories/19821
- http://www.debian.org/security/2006/dsa-1046
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19823
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/19862
- http://secunia.com/advisories/19863
- http://secunia.com/advisories/19902
- http://www.debian.org/security/2006/dsa-1051
- http://secunia.com/advisories/19950
- http://secunia.com/advisories/19941
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19714
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/19746
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://www.redhat.com/support/errata/RHSA-2006-0330.html
- http://secunia.com/advisories/21033
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://secunia.com/advisories/21622
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
- http://secunia.com/advisories/19696
- http://secunia.com/advisories/19729
- http://secunia.com/advisories/19780
- http://secunia.com/advisories/20051
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.vupen.com/english/advisories/2006/1356
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25816
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1247
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10755
- https://usn.ubuntu.com/276-1/
- https://usn.ubuntu.com/275-1/
- https://usn.ubuntu.com/271-1/
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- http://www.securityfocus.com/archive/1/434524/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-1734?
CVE-2006-1734 is classified as a critical vulnerability due to the potential for remote attackers to execute arbitrary code on affected systems.
How do I fix CVE-2006-1734?
To fix CVE-2006-1734, users should upgrade to a patched version of Mozilla Firefox, Thunderbird, or SeaMonkey that addresses this vulnerability.
What versions are affected by CVE-2006-1734?
CVE-2006-1734 affects versions of Mozilla Firefox 1.x before 1.5, Thunderbird 1.x before 1.5, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.
Can CVE-2006-1734 be exploited remotely?
Yes, CVE-2006-1734 can be exploited remotely, allowing attackers to execute code without user intervention.
What types of software are affected by CVE-2006-1734?
CVE-2006-1734 affects web browsers and email clients, specifically Mozilla Firefox, Mozilla Suite, Thunderbird, and SeaMonkey.
- agent/type
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.5-beta2
- canonical/mozilla mozilla suite
- version/mozilla mozilla suite/1.7.12
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/1.5
- version/mozilla mozilla suite/1.7.10
- version/mozilla firefox/1.0.4
- version/mozilla mozilla suite/1.7.8
- canonical/mozilla thunderbird
- version/mozilla thunderbird/1.0
- version/mozilla thunderbird/1.0.1
- version/mozilla thunderbird/1.5-beta2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0
- version/mozilla thunderbird/1.0.2
- version/mozilla mozilla suite/1.7.11
- version/mozilla firefox/1.0
- version/mozilla thunderbird/1.5
- version/mozilla firefox/1.0.1
- version/mozilla thunderbird/1.0.4
- version/mozilla thunderbird/1.0.3
- version/mozilla firefox/1.0.3
- version/mozilla thunderbird/1.0.6
- version/mozilla thunderbird/1.0.5-beta
- version/mozilla mozilla suite/1.7.7
- version/mozilla firefox/1.0.7
- version/mozilla mozilla suite/1.7.6
- version/mozilla thunderbird/1.0.7
- version/mozilla thunderbird/1.0.5
- version/mozilla firefox/1.0.5
- version/mozilla firefox/1.0.6