FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3808

This CVE name corresponds to:

Entered Topic
2006-07-27 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-3808
Phase Assigned(20060724)

Description

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.

References

Source Reference
BUGTRAQ 20060727 rPSA-2006-0137-1 firefox
CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
CONFIRM https://issues.rpath.com/browse/RPL-536
CONFIRM https://issues.rpath.com/browse/RPL-537
DEBIAN DSA-1159
DEBIAN DSA-1160
DEBIAN DSA-1161
GENTOO GLSA-200608-02
GENTOO GLSA-200608-03
HP HPSBUX02153
HP SSRT061181
HP HPSBUX02156
HP SSRT061236
MANDRIVA MDKSA-2006:143
MANDRIVA MDKSA-2006:145
REDHAT RHSA-2006:0608
REDHAT RHSA-2006:0610
REDHAT RHSA-2006:0611
REDHAT RHSA-2006:0609
REDHAT RHSA-2006:0594
SGI 20060703-01-P
SUSE SUSE-SA:2006:048
UBUNTU USN-327-1
UBUNTU USN-354-1
UBUNTU USN-361-1
BID 19181
OVAL oval:org.mitre.oval:def:10845
VUPEN ADV-2006-2998
VUPEN ADV-2006-3748
VUPEN ADV-2006-3749
VUPEN ADV-2008-0083
SECTRACK 1016586
SECTRACK 1016587
SECTRACK 1016588
SECUNIA 19873
SECUNIA 21216
SECUNIA 21229
SECUNIA 21246
SECUNIA 21243
SECUNIA 21269
SECUNIA 21270
SECUNIA 21336
SECUNIA 21361
SECUNIA 21250
SECUNIA 21262
SECUNIA 21343
SECUNIA 21529
SECUNIA 21532
SECUNIA 21631
SECUNIA 21654
SECUNIA 21634
SECUNIA 21675
SECUNIA 22210
SECUNIA 22342
SECUNIA 22065
SECUNIA 22066
XF mozilla-pac-code-execution(27989)