CVE-2006-1741 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1741
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1741

Description: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25806 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-271-1 http://www.ubuntulinux.org/support/documentation/usn/usn-276-1 http://www.ubuntulinux.org/support/documentation/usn/usn-275-1 SUSE http://www.novell.com/linux/security/advisories/2006_04_25.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 SGI SCO SAID Secunia Advisory: SA19696 Secunia Advisory: SA21622 Secunia Advisory: SA21033 Secunia Advisory: SA19746 Secunia Advisory: SA19721 Secunia Advisory: SA19714 Secunia Advisory: SA19941 Secunia Advisory: SA19950 Secunia Advisory: SA19902 Secunia Advisory: SA19863 Secunia Advisory: SA19811 Secunia Advisory: SA19823 Secunia Advisory: SA19852 Secunia Advisory: SA19862 Secunia Advisory: SA19759 Secunia Advisory: SA19821 Secunia Advisory: SA19631 Secunia Advisory: SA19729 Secunia Advisory: SA19780 Secunia Advisory: SA20051 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0329.html http://www.redhat.com/support/errata/RHSA-2006-0330.html http://www.redhat.com/support/errata/RHSA-2006-0328.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1855 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 HP http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html DEBIAN http://www.debian.org/security/2006/dsa-1051 http://www.debian.org/security/2006/dsa-1044 http://www.debian.org/security/2006/dsa-1046 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/2006/mfsa2006-09.html

Return to the previous page.