CVE-2006-2787
First published: Fri Jun 02 2006(Updated: )
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.5-beta2 | |
| Mozilla Thunderbird | =1.0.7 | |
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | =1.5-beta1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Firefox | =1.0.7 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Thunderbird | =1.0.1 | |
| Mozilla Thunderbird | =1.5-beta2 | |
| Mozilla Thunderbird | =1.0.2 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Thunderbird | =1.5 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Firefox | =preview_release | |
| Mozilla Thunderbird | =1.0.4 | |
| Mozilla Thunderbird | =1.0.3 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Thunderbird | =1.0.6 | |
| Mozilla Thunderbird | =1.0.5-beta | |
| Mozilla Thunderbird | =1.0.5 | |
| Mozilla Firefox | =1.5.0.1 | |
| Mozilla Firefox | =1.0.5 | |
| Mozilla Firefox | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-31.html
- http://www.securityfocus.com/bid/18228
- http://securitytracker.com/id?1016202
- http://securitytracker.com/id?1016214
- http://secunia.com/advisories/20376
- http://secunia.com/advisories/20382
- http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
- http://secunia.com/advisories/20561
- http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml
- http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
- http://secunia.com/advisories/20709
- http://www.redhat.com/support/errata/RHSA-2006-0578.html
- http://secunia.com/advisories/21134
- http://www.debian.org/security/2006/dsa-1118
- http://www.debian.org/security/2006/dsa-1120
- http://secunia.com/advisories/21183
- http://secunia.com/advisories/21176
- http://secunia.com/advisories/21178
- http://secunia.com/advisories/21188
- http://secunia.com/advisories/21210
- http://www.debian.org/security/2006/dsa-1134
- http://www.redhat.com/support/errata/RHSA-2006-0610.html
- http://www.redhat.com/support/errata/RHSA-2006-0611.html
- http://secunia.com/advisories/21269
- http://secunia.com/advisories/21270
- http://rhn.redhat.com/errata/RHSA-2006-0609.html
- http://secunia.com/advisories/21336
- http://secunia.com/advisories/21324
- http://secunia.com/advisories/21532
- http://secunia.com/advisories/21607
- http://www.redhat.com/support/errata/RHSA-2006-0594.html
- http://secunia.com/advisories/21631
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
- http://secunia.com/advisories/22065
- http://secunia.com/advisories/22066
- http://www.vupen.com/english/advisories/2006/3749
- http://www.vupen.com/english/advisories/2006/2106
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2008/0083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26842
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9491
- https://usn.ubuntu.com/323-1/
- https://usn.ubuntu.com/297-3/
- https://usn.ubuntu.com/297-1/
- https://usn.ubuntu.com/296-2/
- https://usn.ubuntu.com/296-1/
- http://www.securityfocus.com/archive/1/446658/100/200/threaded
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/archive/1/435795/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-2787?
CVE-2006-2787 is classified as a critical severity vulnerability that allows remote attackers to gain privileges.
How do I fix CVE-2006-2787?
To fix CVE-2006-2787, users should upgrade to Mozilla Firefox or Thunderbird version 1.5.0.4 or later.
What software versions are affected by CVE-2006-2787?
CVE-2006-2787 affects various versions of Mozilla Firefox and Thunderbird prior to version 1.5.0.4.
Can CVE-2006-2787 be exploited via the web?
Yes, CVE-2006-2787 can be exploited via the web, allowing attackers to execute malicious JavaScript.
Is there any public exploit available for CVE-2006-2787?
Yes, there have been reported instances of exploits in the wild targeting CVE-2006-2787.
- agent/type
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.5-beta2
- canonical/mozilla thunderbird
- version/mozilla thunderbird/1.0.7
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.5-beta1
- version/mozilla firefox/1.5
- version/mozilla firefox/1.0.4
- version/mozilla firefox/1.0.7
- version/mozilla thunderbird/1.0
- version/mozilla thunderbird/1.0.1
- version/mozilla thunderbird/1.5-beta2
- version/mozilla thunderbird/1.0.2
- version/mozilla firefox/1.0
- version/mozilla thunderbird/1.5
- version/mozilla firefox/1.0.1
- version/mozilla firefox/preview_release
- version/mozilla thunderbird/1.0.4
- version/mozilla thunderbird/1.0.3
- version/mozilla firefox/1.0.3
- version/mozilla thunderbird/1.0.6
- version/mozilla thunderbird/1.0.5-beta
- version/mozilla thunderbird/1.0.5
- version/mozilla firefox/1.5.0.1
- version/mozilla firefox/1.0.5
- version/mozilla firefox/1.0.6