Overview
Mozilla products fail to properly restrict access to a JavaScript functions cloned parent. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
According to Mozilla Foundation Security Advisory 2006-15: it was possible to use the Object.watch() method to access an internal function object (the "clone parent") which could then be used to run arbitrary JavaScript code with full permission. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. |
Solution
Upgrade |
Disable JavaScript
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This vulnerability was reported in Mozilla Foundation Security Advisory 2006-15. Mozilla credits shutdown with providing information regarding this issue.
This document was written by Jeff Gennari.
Other Information
CVE IDs: | CVE-2006-1734 |
Severity Metric: | 20.45 |
Date Public: | 2006-04-13 |
Date First Published: | 2006-04-17 |
Date Last Updated: | 2006-05-17 12:36 UTC |
Document Revision: | 21 |