Vulnerability Name: CVE-2006-1741 (CCN-25806)
Assigned: 2006-04-14
Published: 2006-04-14
Updated: 2018-10-18
Summary: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: SCO Type: Broken Link SCOSA-2006.26
Source: SGI Type: Broken Link 20060404-01-U
Source: MITRE Type: CNA CVE-2006-1741
Source: SUSE Type: Broken Link SUSE-SA:2006:021
Source: CCN Type: RHSA-2006-0328 firefox security update
Source: CCN Type: RHSA-2006-0329 mozilla security update
Source: CCN Type: RHSA-2006-0330 thunderbird security update
Source: CCN Type: SA19631 Firefox Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 19631
Source: SECUNIA Type: Third Party Advisory 19696
Source: SECUNIA Type: Third Party Advisory 19714
Source: SECUNIA Type: Third Party Advisory 19721
Source: SECUNIA Type: Third Party Advisory 19729
Source: SECUNIA Type: Third Party Advisory 19746
Source: SECUNIA Type: Third Party Advisory 19759
Source: SECUNIA Type: Third Party Advisory 19780
Source: SECUNIA Type: Third Party Advisory 19811
Source: SECUNIA Type: Third Party Advisory 19821
Source: SECUNIA Type: Third Party Advisory 19823
Source: SECUNIA Type: Third Party Advisory 19852
Source: SECUNIA Type: Third Party Advisory 19862
Source: SECUNIA Type: Third Party Advisory 19863
Source: SECUNIA Type: Third Party Advisory 19902
Source: SECUNIA Type: Third Party Advisory 19941
Source: SECUNIA Type: Third Party Advisory 19950
Source: SECUNIA Type: Third Party Advisory 20051
Source: SECUNIA Type: Third Party Advisory 21033
Source: SECUNIA Type: Third Party Advisory 21622
Source: CCN Type: Sun Alert ID: 102550 Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux
Source: SUNALERT Type: Broken Link 102550
Source: SUNALERT Type: Broken Link 228526
Source: CCN Type: ASA-2006-085 Mozilla Firefox and Thunderbird security update (RHSA-2006-0328 RHSA-2006-0329 RHSA-2006-330)
Source: CONFIRM Type: Third Party Advisory http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Source: DEBIAN Type: Third Party Advisory DSA-1044
Source: DEBIAN Type: Third Party Advisory DSA-1046
Source: DEBIAN Type: Third Party Advisory DSA-1051
Source: DEBIAN Type: DSA-1044 mozilla-firefox -- several vulnerabilities
Source: DEBIAN Type: DSA-1046 mozilla -- several vulnerabilities
Source: DEBIAN Type: DSA-1051 mozilla-thunderbird -- several vulnerabilities
Source: CCN Type: GLSA-200604-12 Mozilla Firefox: Multiple vulnerabilities
Source: GENTOO Type: Third Party Advisory GLSA-200604-12
Source: CCN Type: GLSA-200604-18 Mozilla Suite: Multiple vulnerabilities
Source: GENTOO Type: Third Party Advisory GLSA-200604-18
Source: CCN Type: GLSA-200605-09 Mozilla Thunderbird: Multiple vulnerabilities
Source: GENTOO Type: Third Party Advisory GLSA-200605-09
Source: MANDRIVA Type: Third Party Advisory MDKSA-2006:076
Source: MANDRIVA Type: Third Party Advisory MDKSA-2006:078
Source: CCN Type: Mozilla Web site Firefox - Rediscover the Web
Source: CCN Type: MFSA 2006-09 Cross-site JavaScript injection using event handlers
Source: CONFIRM Type: Exploit http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
Source: SUSE Type: Broken Link SUSE-SA:2006:022
Source: FEDORA Type: Third Party Advisory FEDORA-2006-410
Source: FEDORA Type: Third Party Advisory FEDORA-2006-411
Source: REDHAT Type: Third Party Advisory RHSA-2006:0328
Source: REDHAT Type: Third Party Advisory RHSA-2006:0329
Source: REDHAT Type: Third Party Advisory RHSA-2006:0330
Source: FEDORA Type: UNKNOWN FLSA:189137-1
Source: FEDORA Type: UNKNOWN FLSA:189137-2
Source: HP Type: UNKNOWN HPSBUX02122
Source: CCN Type: USN-271-1 Firefox vulnerabilities
Source: CCN Type: USN-275-1 Mozilla vulnerabilities
Source: CCN Type: USN-276-1 Thunderbird vulnerabilities
Source: VUPEN Type: Permissions Required, Third Party Advisory ADV-2006-1356
Source: XF Type: Third Party Advisory, VDB Entry mozilla-eventhandler-xss(25806)
Source: XF Type: UNKNOWN mozilla-eventhandler-xss(25806)
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:1855
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:9167
Source: UBUNTU Type: Third Party Advisory USN-271-1
Source: UBUNTU Type: Third Party Advisory USN-275-1
Source: UBUNTU Type: Third Party Advisory USN-276-1
Source: SUSE Type: SUSE-SA:2006:021 Mozilla Firefox and Mozilla suite various security problems
Source: SUSE Type: SUSE-SA:2006:022 MozillaThunderbird various problems
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: