CVE-2006-2775
Last modified
CVE-2006-2775 is a vulnerability of currently unknown severity. Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. EPSS estimates a 4.48% chance of exploitation in the next 30 days.
Description
Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 1.5.0.3 |
| Mozilla | Firefox | 0.8 |
| Mozilla | Firefox | 0.9 |
| Mozilla | Firefox | 0.9.1 |
| Mozilla | Firefox | 0.9.2 |
| Mozilla | Firefox | 0.9.3 |
| Mozilla | Firefox | 0.10 |
| Mozilla | Firefox | 0.10.1 |
| Mozilla | Firefox | 1.0 |
| Mozilla | Firefox | 1.0.1 |
| Mozilla | Firefox | 1.0.2 |
| Mozilla | Firefox | 1.0.3 |
| Mozilla | Firefox | 1.0.4 |
| Mozilla | Firefox | 1.0.5 |
| Mozilla | Firefox | 1.0.6 |
| Mozilla | Firefox | 1.0.7 |
| Mozilla | Firefox | 1.5 |
| Mozilla | Firefox | 1.5.0.1 |
| Mozilla | Firefox | 1.5.0.2 |
| Mozilla | Thunderbird | <= 1.5.0.1 |
| Mozilla | Thunderbird | 0.1 |
| Mozilla | Thunderbird | 0.2 |
| Mozilla | Thunderbird | 0.3 |
| Mozilla | Thunderbird | 0.4 |
| Mozilla | Thunderbird | 0.5 |
| Mozilla | Thunderbird | 0.6 |
| Mozilla | Thunderbird | 0.7 |
| Mozilla | Thunderbird | 0.7.1 |
| Mozilla | Thunderbird | 0.7.2 |
| Mozilla | Thunderbird | 0.7.3 |
| Mozilla | Thunderbird | 0.8 |
| Mozilla | Thunderbird | 0.9 |
| Mozilla | Thunderbird | 1.0 |
| Mozilla | Thunderbird | 1.0.1 |
| Mozilla | Thunderbird | 1.0.2 |
| Mozilla | Thunderbird | 1.0.3 |
| Mozilla | Thunderbird | 1.0.4 |
| Mozilla | Thunderbird | 1.0.5 |
| Mozilla | Thunderbird | 1.0.6 |
| Mozilla | Thunderbird | 1.0.7 |
| Mozilla | Thunderbird | 1.5 |
References
- http://secunia.com/advisories/20376 (Vendor Advisory)
- http://secunia.com/advisories/20382 (Vendor Advisory)
- http://secunia.com/advisories/20561 (Vendor Advisory)
- http://secunia.com/advisories/20709 (Vendor Advisory)
- http://secunia.com/advisories/21176 (Vendor Advisory)
- http://secunia.com/advisories/21178 (Vendor Advisory)
- http://secunia.com/advisories/21183 (Vendor Advisory)
- http://secunia.com/advisories/21188 (Vendor Advisory)
- http://secunia.com/advisories/21210 (Vendor Advisory)
- http://secunia.com/advisories/21324 (Vendor Advisory)
- http://secunia.com/advisories/21532 (Vendor Advisory)
- http://secunia.com/advisories/21607 (Vendor Advisory)
- http://secunia.com/advisories/22065 (Vendor Advisory)
- http://secunia.com/advisories/22066 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/243153 (Patch, US Government Resource)
- http://www.mozilla.org/security/announce/2006/mfsa2006-35.html (Patch, Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA06-153A.html (Patch, US Government Resource)
- http://www.vupen.com/english/advisories/2006/2106 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/3748 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/3749 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/0083 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
