4.3

CVE-2006-1741

Exploit
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version >= 1.0 < 1.0.8
MozillaFirefox Version1.5
MozillaMozilla Suite Version < 1.7.13
MozillaSeamonkey Version < 1.0
CanonicalUbuntu Linux Version4.10
CanonicalUbuntu Linux Version5.04
CanonicalUbuntu Linux Version5.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.89% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/19823
Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.html
Broken Link
http://secunia.com/advisories/19863
Third Party Advisory
http://secunia.com/advisories/19941
Third Party Advisory
http://www.debian.org/security/2006/dsa-1046
Third Party Advisory
http://www.debian.org/security/2006/dsa-1051
Third Party Advisory
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Broken Link
http://secunia.com/advisories/19746
Third Party Advisory
http://secunia.com/advisories/19759
Third Party Advisory
http://secunia.com/advisories/19852
Third Party Advisory
http://secunia.com/advisories/19862
Third Party Advisory
http://secunia.com/advisories/19902
Third Party Advisory
http://secunia.com/advisories/21033
Third Party Advisory
http://secunia.com/advisories/21622
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Third Party Advisory
http://www.debian.org/security/2006/dsa-1044
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Third Party Advisory
http://www.securityfocus.com/archive/1/438730/100/0/threaded
https://usn.ubuntu.com/271-1/
Third Party Advisory
https://usn.ubuntu.com/275-1/
Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
Broken Link
http://secunia.com/advisories/19811
Third Party Advisory
http://secunia.com/advisories/19780
Third Party Advisory
http://secunia.com/advisories/19821
Third Party Advisory
http://secunia.com/advisories/19950
Third Party Advisory
http://secunia.com/advisories/20051
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0330.html
Third Party Advisory
https://usn.ubuntu.com/276-1/
Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
Broken Link
http://secunia.com/advisories/19721
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0329.html
Third Party Advisory
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.vupen.com/english/advisories/2006/1356
Third Party Advisory
Permissions Required
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://secunia.com/advisories/19631
Third Party Advisory
http://secunia.com/advisories/19696
Third Party Advisory
http://secunia.com/advisories/19714
Third Party Advisory
http://secunia.com/advisories/19729
Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0328.html
Third Party Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25806
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167
Third Party Advisory