CVE-2006-1741

CVSS V2 Medium 4.3 CVSS V3 None
Description
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Overview
  • CVE ID
  • CVE-2006-1741
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-04-14T10:02:00
  • Last Modified Date
  • 2018-10-18T16:35:56
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 1.0 1.0.8
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* 1 OR 1.7.13
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* 1 OR 1.0
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html Exploit
http://www.redhat.com/support/errata/RHSA-2006-0328.html Third Party Advisory
http://secunia.com/advisories/19631 Third Party Advisory
http://www.debian.org/security/2006/dsa-1044 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml Third Party Advisory
http://secunia.com/advisories/19759 Third Party Advisory
http://secunia.com/advisories/19821 Third Party Advisory
http://www.debian.org/security/2006/dsa-1046 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc Broken Link
http://secunia.com/advisories/19811 Third Party Advisory
http://secunia.com/advisories/19823 Third Party Advisory
http://secunia.com/advisories/19852 Third Party Advisory
http://secunia.com/advisories/19862 Third Party Advisory
http://secunia.com/advisories/19863 Third Party Advisory
http://secunia.com/advisories/19902 Third Party Advisory
http://www.debian.org/security/2006/dsa-1051 Third Party Advisory
http://secunia.com/advisories/19950 Third Party Advisory
http://secunia.com/advisories/19941 Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html Broken Link
http://secunia.com/advisories/19714 Third Party Advisory
http://secunia.com/advisories/19721 Third Party Advisory
http://secunia.com/advisories/19746 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0329.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0330.html Third Party Advisory
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt Broken Link
http://secunia.com/advisories/21033 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 Broken Link
http://secunia.com/advisories/21622 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml Third Party Advisory
http://secunia.com/advisories/19696 Third Party Advisory
http://secunia.com/advisories/19729 Third Party Advisory
http://secunia.com/advisories/19780 Third Party Advisory
http://secunia.com/advisories/20051 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 Broken Link
http://www.vupen.com/english/advisories/2006/1356 Permissions Required Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.html Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/25806 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855 Third Party Advisory
https://usn.ubuntu.com/276-1/ Third Party Advisory
https://usn.ubuntu.com/275-1/ Third Party Advisory
https://usn.ubuntu.com/271-1/ Third Party Advisory
http://www.securityfocus.com/archive/1/438730/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.securityfocus.com/archive/1/436296/100/0/threaded
History
Created Old Value New Value Data Type Notes
2022-05-10 18:08:54 Added to TrackCVE