Launchpad.net

CVE 2006-2787

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
BID: 18228
SECTRACK: 1016202
SECTRACK: 1016214
SECUNIA: 20376
SECUNIA: 20382
GENTOO: GLSA-200606-12
SECUNIA: 20561
GENTOO: GLSA-200606-21
SUSE: SUSE-SA:2006:035
SECUNIA: 20709
DEBIAN: DSA-1118
DEBIAN: DSA-1120
REDHAT: RHSA-2006:0578
SECUNIA: 21134
SECUNIA: 21183
SECUNIA: 21176
SECUNIA: 21178
SECUNIA: 21188
SECUNIA: 21210
DEBIAN: DSA-1134
REDHAT: RHSA-2006:0610
REDHAT: RHSA-2006:0611
REDHAT: RHSA-2006:0609
SECUNIA: 21269
SECUNIA: 21270
SECUNIA: 21336
SECUNIA: 21324
SECUNIA: 21532
SECUNIA: 21607
REDHAT: RHSA-2006:0594
SECUNIA: 21631
SECUNIA: 22065
SECUNIA: 22066
MANDRIVA: MDKSA-2006:143
MANDRIVA: MDKSA-2006:145
MANDRIVA: MDKSA-2006:146
VUPEN: ADV-2006-2106
VUPEN: ADV-2006-3748
VUPEN: ADV-2006-3749
VUPEN: ADV-2008-0083
XF: mozilla-valueof-sandbo...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-296-1
UBUNTU: USN-297-1
UBUNTU: USN-296-2
UBUNTU: USN-297-3
UBUNTU: USN-323-1
BUGTRAQ: 20060602 rPSA-2006-009...
HP: HPSBUX02153
HP: SSRT061181
HP: HPSBUX02156
HP: SSRT061236

Launchpad.net

CVE 2006-2787

Related bugs

References