CVE-2006-5747 : Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

Published 2006-11-08 21:07:00

Updated 2018-10-17 21:44:24

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2006-5747

Mozilla » Firefox » Version: 1.5.0.1
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5 Update Beta1
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5 Update Beta2
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.2
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.3
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.4
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.5
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.6
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.7
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0
cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.1
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.2
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.7
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5 Update Beta2
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.5
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.6
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.1
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.0.8
cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.4
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.2
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.7
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 DEV Edition
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-5747

EPSS FAQ

12.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-5747

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-5747

http://www.ubuntu.com/usn/usn-382-1

USN-382-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu
Patch;Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496

404 Not Found
http://www.securityfocus.com/archive/1/451099/100/0/threaded

CVEs referencing this url
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205

Mandriva

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/4387

Site en construction

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200612-08.xml

SeaMonkey: Multiple vulnerabilities (GLSA 200612-08) — Gentoo security
Patch;Vendor Advisory

CVEs referencing this url
http://www.kb.cert.org/vuls/id/815432

VU#815432 - Mozilla XML.prototype.hasOwnProperty() method memory corruption vulnerability
Patch;US Government Resource
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

Patch

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

ASA-2006-246 (RHSA-2006-0733)
Patch;Vendor Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/usn-381-1

USN-381-1: Firefox vulnerabilities | Ubuntu security notices | Ubuntu
Patch;Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0083

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.securityfocus.com/bid/20957

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0734.html

RHSA-2006:0734 - Security Advisory - Red Hat Customer Portal
Patch;Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1017177

Access Denied
Patch

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0733.html

RHSA-2006:0733 - Security Advisory - Red Hat Customer Portal
Patch;Vendor Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html

Crashes with evidence of memory corruption (rv:1.8.0.8) — Mozilla
Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1017178

Access Denied
Patch

CVEs referencing this url
http://securitytracker.com/id?1017179

GoDaddy Domain Name Search
Patch

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200612-06.xml

Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200612-06) — Gentoo security
Patch;Vendor Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200612-07.xml

Mozilla Firefox: Multiple vulnerabilities (GLSA 200612-07) — Gentoo security
Patch;Vendor Advisory

CVEs referencing this url
https://issues.rpath.com/browse/RPL-765

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3748

Site en construction

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Page Not Found | CISA
Patch;US Government Resource

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html

404 Page Not Found | SUSE
Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/30093

Multiple Mozilla products XML.prototype.hasOwnProperty code execution CVE-2006-5747 Vulnerability Report
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206

Mandriva

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/1198

Site en construction

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0735.html

RHSA-2006:0735 - Security Advisory - Red Hat Customer Portal
Patch;Vendor Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=355569

355569 - XML.prototype.hasOwnProperty is exploitable (CVE-2006-5747)

Jump to

Vulnerability Details : CVE-2006-5747

Products affected by CVE-2006-5747

Exploit prediction scoring system (EPSS) score for CVE-2006-5747

CVSS scores for CVE-2006-5747

References for CVE-2006-5747