CVE-2006-2787
Published: 2 June 2006
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
| edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
| feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
| upstream |
Needs triage
|
|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
firefox-granparadiso Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Released
(1.8.0.5-4.2)
|
|
| feisty |
Released
(1.8.0.5-4.2)
|
|
| upstream |
Needs triage
|
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
References
- https://ubuntu.com/security/notices/USN-296-1
- https://ubuntu.com/security/notices/USN-296-2
- https://ubuntu.com/security/notices/USN-297-1
- https://ubuntu.com/security/notices/USN-297-3
- https://ubuntu.com/security/notices/USN-323-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787
- NVD
- Launchpad
- Debian