CVE-2006-1733 (retired)

Priority
Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8,
Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly
protect the compilation scope of privileged built-in XBL bindings, which
allows remote attackers to execute arbitrary code via the (1) valueOf.call
or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL
method into the DOM's document.body prototype chain."
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-09-19 15:04:26 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)