CVE-2006-2787

Description

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

How to fix CVE-2006-2787

To remediate CVE-2006-2787, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.4-1 or later

Is CVE-2006-2787 being exploited?

Moderate — EPSS is 9.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.5.0.4-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-2787