Launchpad.net

CVE 2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

Related bugs and status

CVE-2006-1726 (Candidate) is related to these bugs:

Bug #39580: New Release 1.5.0.2

Summary				In	Importance	Status
	39580	New Release 1.5.0.2		firefox (Ubuntu)	Medium	Fix Released

Bug #41096: update to thunderbird 1.5.0.2

Summary				In	Importance	Status
	41096	update to thunderbird 1.5.0.2		mozilla-thunderbird (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CERT: TA06-107A
CERT-VN: VU#968814
BID: 17516
SECUNIA: 19631
SECUNIA: 19649
SECTRACK: 1015931
SECTRACK: 1015932
SECTRACK: 1015933
SECUNIA: 22065
SECUNIA: 22066
VUPEN: ADV-2006-1356
VUPEN: ADV-2006-3748
VUPEN: ADV-2006-3749
VUPEN: ADV-2008-0083
XF: mozilla-valuetofunctio...
OVAL: oval:org.mitre.oval:de...
HP: HPSBTU02118
HP: SSRT061145
HP: HPSBUX02153
HP: SSRT061181
HP: HPSBUX02156
HP: SSRT061236