CVE-2006-2787

Published: Jun 2, 2006Modified: Apr 16, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

Affected (24)

Products: Mozilla: Firefox, Thunderbird

Mozilla

2 products

Firefox

Thunderbird

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 1.0.1
Mozilla Firefox	Version 1.0.2
Mozilla Firefox	Version 1.0.3
Mozilla Firefox	Version 1.0.4
Mozilla Firefox	Version 1.0.5
Mozilla Firefox	Version 1.0.6
Mozilla Firefox	Version 1.0.7
Mozilla Firefox	Version 1.0
Mozilla Firefox	Version 1.5.0.1
Mozilla Firefox	Version 1.5
Mozilla Firefox	Version 1.5 beta1
Mozilla Firefox	Version 1.5 beta2
Mozilla Firefox	Version preview_release
Mozilla Thunderbird	Version 1.0.1
Mozilla Thunderbird	Version 1.0.2
Mozilla Thunderbird	Version 1.0.3
Mozilla Thunderbird	Version 1.0.4
Mozilla Thunderbird	Version 1.0.5
Mozilla Thunderbird	Version 1.0.5 beta
Mozilla Thunderbird	Version 1.0.6
Mozilla Thunderbird	Version 1.0.7
Mozilla Thunderbird	Version 1.0
Mozilla Thunderbird	Version 1.5
Mozilla Thunderbird	Version 1.5 beta2

References (102)

http://rhn.redhat.com/errata/RHSA-2006-0609.html

Source: cve@mitre.org

http://secunia.com/advisories/20376

Source: cve@mitre.org

http://secunia.com/advisories/20382

Source: cve@mitre.org

http://secunia.com/advisories/20561

Source: cve@mitre.org

http://secunia.com/advisories/20709

Source: cve@mitre.org

http://secunia.com/advisories/21134

Source: cve@mitre.org

http://secunia.com/advisories/21176

Source: cve@mitre.org

http://secunia.com/advisories/21178

Source: cve@mitre.org

http://secunia.com/advisories/21183

Source: cve@mitre.org

http://secunia.com/advisories/21188

Source: cve@mitre.org

http://secunia.com/advisories/21210

Source: cve@mitre.org

http://secunia.com/advisories/21269

Source: cve@mitre.org

http://secunia.com/advisories/21270

Source: cve@mitre.org

http://secunia.com/advisories/21324

Source: cve@mitre.org

http://secunia.com/advisories/21336

Source: cve@mitre.org

http://secunia.com/advisories/21532

Source: cve@mitre.org

http://secunia.com/advisories/21607

Source: cve@mitre.org

http://secunia.com/advisories/21631

Source: cve@mitre.org

http://secunia.com/advisories/22065

Source: cve@mitre.org

http://secunia.com/advisories/22066

Source: cve@mitre.org

http://securitytracker.com/id?1016202

Source: cve@mitre.org

http://securitytracker.com/id?1016214

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1118

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1120

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1134

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:146

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2006/mfsa2006-31.html

Source: cve@mitre.org

Vendor Advisory

http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0578.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0594.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0610.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0611.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435795/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/446657/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/446658/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18228

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2106

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3748

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3749

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0083

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26842

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9491

Source: cve@mitre.org

https://usn.ubuntu.com/296-1/

Source: cve@mitre.org

https://usn.ubuntu.com/296-2/

Source: cve@mitre.org

https://usn.ubuntu.com/297-1/

Source: cve@mitre.org

https://usn.ubuntu.com/297-3/

Source: cve@mitre.org

https://usn.ubuntu.com/323-1/

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2006-0609.html