Vulnerability Note VU#575969
Mozilla may process content-defined setters on object prototypes with elevated privileges
Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code.
The complete impact of this vulnerability is not yet known.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla, Inc.||Affected||-||02 Jun 2006|
CVSS Metrics (Learn More)
Thanks to the Mozilla Foundation Security Advisory for reporting this vulnerability, who in turn credit Paul Nickerson and moz_bug_r_a4.
This document was written by Will Dormann.
- CVE IDs: CVE-2006-2776
- Date Public: 01 Jun 2006
- Date First Published: 02 Jun 2006
- Date Last Updated: 09 Feb 2007
- Severity Metric: 11.48
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.