PT-2006-3694 · Mozilla+1 · Firefox+2

Jonas Sicking

Published

2006-06-02

Updated

2018-10-18

CVE-2006-2775

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 1.5.0.4 Mozilla Thunderbird versions prior to 1.5.0.4

Description The issue allows remote attackers to bypass restrictions under certain circumstances by causing a persisted string to be associated with the wrong URL. This occurs due to the incorrect association of XUL attributes with URLs.

Recommendations For Mozilla Firefox versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue. For Mozilla Thunderbird versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2006-2775

DSA-1118

DSA-1120

DSA-1134-1

HPSBUX02153

Affected Products

Hp-Ux

Firefox

Thunderbird

PT-2006-3694 · Mozilla+1 · Firefox+2

CVE-2006-2775

Weakness Enumeration

Related Identifiers

Affected Products

References · 178