CVE-2006-1733

Priority
Description
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8,
Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly
protect the compilation scope of privileged built-in XBL bindings, which
allows remote attackers to execute arbitrary code via the (1) valueOf.call
or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL
method into the DOM's document.body prototype chain."
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-01-29 19:12:27 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)