CVE-2006-2775

Description

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

How to fix CVE-2006-2775

To remediate CVE-2006-2775, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.4-1 or later

Is CVE-2006-2775 being exploited?

Moderate — EPSS is 7.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.5.0.4-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-2775