Vulnerability Name: CVE-2006-4561 (CCN-33412)
Assigned: 2006-08-14
Published: 2006-08-14
Updated: 2018-10-17
Summary: Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
CVSS v3 Severity:
  9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  6.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
  6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Mon Aug 14 2006 - 11:07:31 CDT (somewhat) breaking the same-origin policy by undermining dns-pinning
  Source: MITRE Type: CNA CVE-2006-4561
  Source: OSVDB Type: UNKNOWN 31834
  Source: MISC Type: Exploit http://polyboy.net/xss/dnsslurp.html
  Source: MISC Type: UNKNOWN http://shampoo.antville.org/stories/1451301/
  Source: CCN Type: Mozilla Web site mozilla - home of the mozilla, firefox, and camino web browsers
  Source: CCN Type: OSVDB ID: 31834 Mozilla Firefox Arbitrary Javascript Execution
  Source: BUGTRAQ Type: UNKNOWN 20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning
  Source: XF Type: UNKNOWN firefox-javascript-dnspinning-code-execution(33412)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable