Red Hat Bugzilla – Bug 188784
CVE-2006-1735 Privilege escalation via XBL.method.eval
Last modified: 2007-11-30 17:07:24 EST
Privilege escalation via XBL.method.eval
Using the eval associated with methods of an XBL binding it was possible to
privileges, allowing the attacker to run code of their choice with the full
permission of the user running the browser. This could be used to install
spyware or viruses.
This issue also affects RHEL3
This issue also affects RHEL2.1
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.