CVE-2006-2776

Published: Jun 2, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

Affected (47)

Products: Mozilla: Firefox, Thunderbird

Mozilla

2 products

Firefox

Thunderbird

Configuration A

47 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 0.10.1
Mozilla Firefox	Version 0.10
Mozilla Firefox	Version 0.8
Mozilla Firefox	Version 0.9.1
Mozilla Firefox	Version 0.9.2
Mozilla Firefox	Version 0.9.3
Mozilla Firefox	Version 0.9
Mozilla Firefox	Version 0.9 rc
Mozilla Firefox	Version 1.0.1
Mozilla Firefox	Version 1.0.2
Mozilla Firefox	Version 1.0.3
Mozilla Firefox	Version 1.0.4
Mozilla Firefox	Version 1.0.5
Mozilla Firefox	Version 1.0.6
Mozilla Firefox	Version 1.0.6
Mozilla Firefox	Version 1.0.7
Mozilla Firefox	Version 1.0
Mozilla Firefox	Version 1.5.0.1
Mozilla Firefox	Version 1.5.0.2
Mozilla Firefox	Version 1.5.0.3
Mozilla Firefox	Version 1.5
Mozilla Firefox	Version 1.5 beta1
Mozilla Firefox	Version 1.5 beta2
Mozilla Thunderbird	Version 0.1
Mozilla Thunderbird	Version 0.2
Mozilla Thunderbird	Version 0.3
Mozilla Thunderbird	Version 0.4
Mozilla Thunderbird	Version 0.5
Mozilla Thunderbird	Version 0.6
Mozilla Thunderbird	Version 0.7.1
Mozilla Thunderbird	Version 0.7.2
Mozilla Thunderbird	Version 0.7.3
Mozilla Thunderbird	Version 0.7
Mozilla Thunderbird	Version 0.8
Mozilla Thunderbird	Version 0.9
Mozilla Thunderbird	Version 1.0.1
Mozilla Thunderbird	Version 1.0.2
Mozilla Thunderbird	Version 1.0.3
Mozilla Thunderbird	Version 1.0.4
Mozilla Thunderbird	Version 1.0.5
Mozilla Thunderbird	Version 1.0.5 beta
Mozilla Thunderbird	Version 1.0.6
Mozilla Thunderbird	Version 1.0.7
Mozilla Thunderbird	Version 1.0
Mozilla Thunderbird	Version 1.5.0.1
Mozilla Thunderbird	Version 1.5
Mozilla Thunderbird	Version 1.5 beta2

References (112)

http://rhn.redhat.com/errata/RHSA-2006-0609.html

Source: cve@mitre.org

http://secunia.com/advisories/20376

Source: cve@mitre.org

http://secunia.com/advisories/20382

Source: cve@mitre.org

http://secunia.com/advisories/20561

Source: cve@mitre.org

http://secunia.com/advisories/20709

Source: cve@mitre.org

http://secunia.com/advisories/21134

Source: cve@mitre.org

http://secunia.com/advisories/21176

Source: cve@mitre.org

http://secunia.com/advisories/21178

Source: cve@mitre.org

http://secunia.com/advisories/21183

Source: cve@mitre.org

http://secunia.com/advisories/21188

Source: cve@mitre.org

http://secunia.com/advisories/21210

Source: cve@mitre.org

http://secunia.com/advisories/21269

Source: cve@mitre.org

http://secunia.com/advisories/21270

Source: cve@mitre.org

http://secunia.com/advisories/21324

Source: cve@mitre.org

http://secunia.com/advisories/21336

Source: cve@mitre.org

http://secunia.com/advisories/21532

Source: cve@mitre.org

http://secunia.com/advisories/21607

Source: cve@mitre.org

http://secunia.com/advisories/21631

Source: cve@mitre.org

http://secunia.com/advisories/22065

Source: cve@mitre.org

http://secunia.com/advisories/22066

Source: cve@mitre.org

http://secunia.com/advisories/24108

Source: cve@mitre.org

http://securitytracker.com/id?1016202

Source: cve@mitre.org

http://securitytracker.com/id?1016214

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102800-1

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1118

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1120

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1134

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/575969

Source: cve@mitre.org

PatchUS Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2006/mfsa2006-37.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0578.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0594.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0610.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0611.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435795/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/446657/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/446658/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18228

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA06-153A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2006/2106

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3748

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3749

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0573

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0083

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26848

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9849

Source: cve@mitre.org

https://usn.ubuntu.com/296-1/

Source: cve@mitre.org

https://usn.ubuntu.com/296-2/

Source: cve@mitre.org

https://usn.ubuntu.com/297-1/

Source: cve@mitre.org

https://usn.ubuntu.com/297-3/

Source: cve@mitre.org

https://usn.ubuntu.com/323-1/

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2006-0609.html