Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2775

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

Published

2006-06-02T18:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	≤ 1.5.0.3	Yes
Application	mozilla	firefox	0.8	Yes
Application	mozilla	firefox	0.9	Yes
Application	mozilla	firefox	0.9	Yes
Application	mozilla	firefox	0.9.1	Yes
Application	mozilla	firefox	0.9.2	Yes
Application	mozilla	firefox	0.9.3	Yes
Application	mozilla	firefox	0.10	Yes
Application	mozilla	firefox	0.10.1	Yes
Application	mozilla	firefox	1.0	Yes
Application	mozilla	firefox	1.0.1	Yes
Application	mozilla	firefox	1.0.2	Yes
Application	mozilla	firefox	1.0.3	Yes
Application	mozilla	firefox	1.0.4	Yes
Application	mozilla	firefox	1.0.5	Yes
Application	mozilla	firefox	1.0.6	Yes
Application	mozilla	firefox	1.0.6	Yes
Application	mozilla	firefox	1.0.7	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5	Yes
Application	mozilla	firefox	1.5.0.1	Yes
Application	mozilla	firefox	1.5.0.2	Yes
Application	mozilla	thunderbird	≤ 1.5.0.1	Yes
Application	mozilla	thunderbird	0.1	Yes
Application	mozilla	thunderbird	0.2	Yes
Application	mozilla	thunderbird	0.3	Yes
Application	mozilla	thunderbird	0.4	Yes
Application	mozilla	thunderbird	0.5	Yes
Application	mozilla	thunderbird	0.6	Yes
Application	mozilla	thunderbird	0.7	Yes
Application	mozilla	thunderbird	0.7.1	Yes
Application	mozilla	thunderbird	0.7.2	Yes
Application	mozilla	thunderbird	0.7.3	Yes
Application	mozilla	thunderbird	0.8	Yes
Application	mozilla	thunderbird	0.9	Yes
Application	mozilla	thunderbird	1.0	Yes
Application	mozilla	thunderbird	1.0.1	Yes
Application	mozilla	thunderbird	1.0.2	Yes
Application	mozilla	thunderbird	1.0.3	Yes
Application	mozilla	thunderbird	1.0.4	Yes
Application	mozilla	thunderbird	1.0.5	Yes
Application	mozilla	thunderbird	1.0.5	Yes
Application	mozilla	thunderbird	1.0.6	Yes
Application	mozilla	thunderbird	1.0.7	Yes
Application	mozilla	thunderbird	1.5	Yes
Application	mozilla	thunderbird	1.5	Yes

References

http://secunia.com/advisories/20376 Vendor Advisory ([email protected])
http://secunia.com/advisories/20382 Vendor Advisory ([email protected])
http://secunia.com/advisories/20561 Vendor Advisory ([email protected])
http://secunia.com/advisories/20709 Vendor Advisory ([email protected])
http://secunia.com/advisories/21176 Vendor Advisory ([email protected])
http://secunia.com/advisories/21178 Vendor Advisory ([email protected])
http://secunia.com/advisories/21183 Vendor Advisory ([email protected])
http://secunia.com/advisories/21188 Vendor Advisory ([email protected])
http://secunia.com/advisories/21210 Vendor Advisory ([email protected])
http://secunia.com/advisories/21324 Vendor Advisory ([email protected])
http://secunia.com/advisories/21532 Vendor Advisory ([email protected])
http://secunia.com/advisories/21607 Vendor Advisory ([email protected])
http://secunia.com/advisories/22065 Vendor Advisory ([email protected])
http://secunia.com/advisories/22066 Vendor Advisory ([email protected])
http://securitytracker.com/id?1016202 ([email protected])
http://securitytracker.com/id?1016214 ([email protected])
http://www.debian.org/security/2006/dsa-1118 ([email protected])
http://www.debian.org/security/2006/dsa-1120 ([email protected])
http://www.debian.org/security/2006/dsa-1134 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml ([email protected])
http://www.kb.cert.org/vuls/id/243153 Patch, US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 ([email protected])
http://www.mozilla.org/security/announce/2006/mfsa2006-35.html Patch, Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html ([email protected])
http://www.securityfocus.com/archive/1/435795/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/446657/100/200/threaded ([email protected])
http://www.securityfocus.com/archive/1/446658/100/200/threaded ([email protected])
http://www.securityfocus.com/bid/18228 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA06-153A.html Patch, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2006/2106 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/3748 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/3749 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/26846 ([email protected])
https://usn.ubuntu.com/296-1/ ([email protected])
https://usn.ubuntu.com/296-2/ ([email protected])
https://usn.ubuntu.com/297-1/ ([email protected])
https://usn.ubuntu.com/297-3/ ([email protected])
https://usn.ubuntu.com/323-1/ ([email protected])
http://secunia.com/advisories/20376 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20382 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20561 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20709 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21176 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21178 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21183 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21188 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21210 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21324 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21532 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21607 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22065 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22066 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016202 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016214 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1118 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1120 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1134 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/243153 Patch, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2006/mfsa2006-35.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/435795/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446657/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/446658/100/200/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/18228 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA06-153A.html Patch, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2106 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3748 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3749 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26846 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/296-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/296-2/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/297-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/297-3/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/323-1/ (af854a3a-2127-422b-91ae-364da2661108)