Overview
A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code.
Description
The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird email client is also a Mozilla product. An unspecified vulnerability exists in the way Mozilla products process JavaScript. For more information refer to Mozilla Foundation Security Advisory 2006-67. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code. |
Solution
Upgrade |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=349527
- https://bugzilla.mozilla.org/show_bug.cgi?id=351973
- https://bugzilla.mozilla.org/show_bug.cgi?id=353165
- https://bugzilla.mozilla.org/show_bug.cgi?id=354145
- https://bugzilla.mozilla.org/show_bug.cgi?id=354151
- https://bugzilla.mozilla.org/show_bug.cgi?id=350238
- https://bugzilla.mozilla.org/show_bug.cgi?id=351116
- https://bugzilla.mozilla.org/show_bug.cgi?id=352271
- https://bugzilla.mozilla.org/show_bug.cgi?id=352606
- https://bugzilla.mozilla.org/show_bug.cgi?id=354924
- http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
- http://secunia.com/advisories/22929/
- http://secunia.com/advisories/22980/
- http://secunia.com/advisories/23013/
- http://secunia.com/advisories/22763/
- http://secunia.com/advisories/23009/
- http://secunia.com/advisories/22815/
- http://secunia.com/advisories/22727/
Acknowledgements
Thanks to the Mozilla Foundation for information about this vulnerability.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2006-5748 |
| Severity Metric: | 0.45 |
| Date Public: | 2006-11-08 |
| Date First Published: | 2006-11-08 |
| Date Last Updated: | 2006-12-21 18:47 UTC |
| Document Revision: | 28 |