CVE-2006-1741

Опубликовано: 14 апр. 2006

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

Описание

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.proto to extend eval, aka "cross-site JavaScript injection".

Релиз	Статус	Примечание
dapper	released	1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
edgy	not-affected
feisty	not-affected
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
dapper	DNE
devel	released	3.0~alpha7-0ubuntu6
edgy	DNE
feisty	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
dapper	DNE
devel	released	0.5-0ubuntu4
edgy	DNE
feisty	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
dapper	DNE
devel	released	0.1.6b-0ubuntu2
edgy	DNE
feisty	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
dapper	released	1.5.0.13-0ubuntu0.6.06
devel	DNE
edgy	released	1.5.0.13-0ubuntu0.6.10
feisty	released	1.5.0.13-0ubuntu0.7.04
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 83%

0.01946

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2006-1741

redhat

больше 19 лет назад

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

CVE-2006-1741

nvd

больше 19 лет назад

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

CVE-2006-1741

debian

больше 19 лет назад

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...

GHSA-8r79-mxmm-hhc6

github

больше 3 лет назад

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

EPSS

Процентиль: 83%

0.01946

Низкий

4.3 Medium

CVSS2

CVE-2006-1741

Описание

Пакет firefox

Пакет firefox-granparadiso

Пакет lightning-sunbird

Пакет midbrowser

Пакет mozilla-thunderbird

Ссылки на источники

Связанные уязвимости