Unrated severityNVD Advisory· Published Apr 14, 2006· Updated Apr 16, 2026
CVE-2006-1733
CVE-2006-1733
Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Affected products
30cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=1.0.7
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*range: <=1.7.12
- cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:*range: <=1.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=1.0.7
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
57- patches.sgi.com/support/free/security/advisories/20060404-01-U.ascnvdPatch
- www.mozilla.org/security/announce/2006/mfsa2006-16.htmlnvdPatchVendor Advisory
- secunia.com/advisories/19631nvdVendor Advisory
- secunia.com/advisories/19714nvdVendor Advisory
- secunia.com/advisories/19721nvdVendor Advisory
- secunia.com/advisories/19746nvdVendor Advisory
- secunia.com/advisories/19759nvdVendor Advisory
- secunia.com/advisories/19794nvdVendor Advisory
- secunia.com/advisories/19811nvdVendor Advisory
- secunia.com/advisories/19821nvdVendor Advisory
- secunia.com/advisories/19823nvdVendor Advisory
- secunia.com/advisories/19852nvdVendor Advisory
- secunia.com/advisories/19862nvdVendor Advisory
- secunia.com/advisories/19863nvdVendor Advisory
- secunia.com/advisories/19902nvdVendor Advisory
- secunia.com/advisories/19941nvdVendor Advisory
- secunia.com/advisories/19950nvdVendor Advisory
- secunia.com/advisories/21033nvdVendor Advisory
- secunia.com/advisories/21622nvdVendor Advisory
- www.kb.cert.org/vuls/id/488774nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA06-107A.htmlnvdUS Government Resource
- ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtnvd
- lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlnvd
- secunia.com/advisories/19696nvd
- secunia.com/advisories/19729nvd
- secunia.com/advisories/19780nvd
- secunia.com/advisories/20051nvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2006-205.htmnvd
- www.debian.org/security/2006/dsa-1044nvd
- www.debian.org/security/2006/dsa-1046nvd
- www.debian.org/security/2006/dsa-1051nvd
- www.gentoo.org/security/en/glsa/glsa-200604-12.xmlnvd
- www.gentoo.org/security/en/glsa/glsa-200604-18.xmlnvd
- www.gentoo.org/security/en/glsa/glsa-200605-09.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_04_25.htmlnvd
- www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.htmlnvd
- www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0328.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0329.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0330.htmlnvd
- www.securityfocus.com/archive/1/434524/100/0/threadednvd
- www.securityfocus.com/archive/1/436296/100/0/threadednvd
- www.securityfocus.com/archive/1/436338/100/0/threadednvd
- www.securityfocus.com/archive/1/438730/100/0/threadednvd
- www.securityfocus.com/bid/17516nvd
- www.vupen.com/english/advisories/2006/1356nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/25817nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020nvd
- usn.ubuntu.com/271-1/nvd
- usn.ubuntu.com/275-1/nvd
- usn.ubuntu.com/276-1/nvd
News mentions
0No linked articles in our index yet.