Vulnerability Note VU#813230
Mozilla products vulnerable to privilege escalation via XBL.method.eval
A vulnerability in the way Mozilla products and derivative programs handle certain XBL methods could allow a remote attacker to execute arbitrary code on a vulnerable system.
The Mozilla browser and derived products include support for the Extensible Bindings Language (XBL), a markup language that defines special new elements, or "bindings," for Mozilla's XML-based User Interface Language (XUL) widgets and HTML elements. A vulnerability has been discovered in the way that Mozilla and derived products handle some methods of XBL bindings. Mozilla Foundation Security Advisory 2006-14 states the following:
A remote attacker may be able to run code of their choosing on an affected system. The attacker-supplied code would be executed with the permissions of the user running the vulnerable program.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Mozilla, Inc. | Affected | 17 Apr 2006 | 17 Apr 2006 |
Thanks to Mozilla Foundation Security Advisory for reporting this vulnerability.
This document was written by Chad Dougherty based on information supplied by the Mozilla Foundation.
- CVE IDs: CVE-2006-1735
- Date Public: 13 Apr 2006
- Date First Published: 17 Apr 2006
- Date Last Updated: 17 Apr 2006
- Severity Metric: 24.30
- Document Revision: 6