Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:09
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt - | |
References | () ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc - | |
References | () http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html - | |
References | () http://secunia.com/advisories/19631 - | |
References | () http://secunia.com/advisories/19696 - | |
References | () http://secunia.com/advisories/19714 - | |
References | () http://secunia.com/advisories/19721 - | |
References | () http://secunia.com/advisories/19729 - | |
References | () http://secunia.com/advisories/19746 - | |
References | () http://secunia.com/advisories/19759 - | |
References | () http://secunia.com/advisories/19780 - | |
References | () http://secunia.com/advisories/19794 - | |
References | () http://secunia.com/advisories/19811 - | |
References | () http://secunia.com/advisories/19821 - | |
References | () http://secunia.com/advisories/19823 - | |
References | () http://secunia.com/advisories/19852 - | |
References | () http://secunia.com/advisories/19862 - | |
References | () http://secunia.com/advisories/19863 - | |
References | () http://secunia.com/advisories/19902 - | |
References | () http://secunia.com/advisories/19941 - | |
References | () http://secunia.com/advisories/19950 - | |
References | () http://secunia.com/advisories/20051 - | |
References | () http://secunia.com/advisories/21033 - | |
References | () http://secunia.com/advisories/21622 - | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 - | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 - | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm - | |
References | () http://www.debian.org/security/2006/dsa-1044 - | |
References | () http://www.debian.org/security/2006/dsa-1046 - | |
References | () http://www.debian.org/security/2006/dsa-1051 - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml - | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2006:075 - | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 - | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 - | |
References | () http://www.mozilla.org/security/announce/2006/mfsa2006-19.html - | |
References | () http://www.novell.com/linux/security/advisories/2006_04_25.html - | |
References | () http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html - | |
References | () http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2006-0328.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2006-0329.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2006-0330.html - | |
References | () http://www.securityfocus.com/archive/1/436296/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/436338/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/438730/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/17516 - | |
References | () http://www.vupen.com/english/advisories/2006/1356 - | |
References | () http://www.vupen.com/english/advisories/2006/3391 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/25820 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1955 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9604 - | |
References | () https://usn.ubuntu.com/271-1/ - | |
References | () https://usn.ubuntu.com/275-1/ - | |
References | () https://usn.ubuntu.com/276-1/ - |
Information
Published : 2006-04-14 10:02
Updated : 2024-11-21 00:09
NVD link : CVE-2006-1731
Mitre link : CVE-2006-1731
CVE.ORG link : CVE-2006-1731
JSON object : View
Products Affected
mozilla
- firefox
- seamonkey
- mozilla_suite
- thunderbird
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')