Published: 14/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Mozilla

Mozilla Firefox 1.x prior to 1.5 and 1.0.x prior to 1.0.8, Mozilla Suite prior to 1.7.13, and SeaMonkey prior to 1.0 allows remote malicious users to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 1.5
mozilla firefox
mozilla mozilla suite
mozilla seamonkey
canonical ubuntu linux 5.04
canonical ubuntu linux 5.10
canonical ubuntu linux 4.10

Igor Bukanov discovered that the JavaScript engine did not properly declare some temporary variables Under some rare circumstances, a malicious mail with embedded JavaScript could exploit this to execute arbitrary code with the privileges of the user (CVE-2006-0292, CVE-2006-1742) ...

Web pages with extremely long titles caused subsequent launches of Mozilla browser to hang for up to a few minutes, or caused Mozilla to crash on computers with insufficient memory (CVE-2005-4134) ...

Web pages with extremely long titles caused subsequent launches of Firefox browser to hang for up to a few minutes, or caused Firefox to crash on computers with insufficient memory (CVE-2005-4134) ...

Mozilla Foundation Security Advisory 2006-09 Cross-site JavaScript injection using event handlers Announced April 13, 2006 Reporter shutdown Impact High Products Firefox, Mozilla Suite, SeaMonkey, Thunderbird Fixed in ...

CWE-79 http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.redhat.com/support/errata/RHSA-2006-0328.html http://secunia.com/advisories/19631 http://www.debian.org/security/2006/dsa-1044 http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml http://secunia.com/advisories/19759 http://secunia.com/advisories/19821 http://www.debian.org/security/2006/dsa-1046 http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://secunia.com/advisories/19811 http://secunia.com/advisories/19823 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://www.debian.org/security/2006/dsa-1051 http://secunia.com/advisories/19950 http://secunia.com/advisories/19941 http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19746 http://www.redhat.com/support/errata/RHSA-2006-0329.html http://www.redhat.com/support/errata/RHSA-2006-0330.html ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt http://secunia.com/advisories/21033 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 http://secunia.com/advisories/21622 http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml http://secunia.com/advisories/19696 http://secunia.com/advisories/19729 http://secunia.com/advisories/19780 http://secunia.com/advisories/20051 http://www.mandriva.com/security/advisories?name=MDKSA-2006:076 http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 http://www.vupen.com/english/advisories/2006/1356 http://www.novell.com/linux/security/advisories/2006_04_25.html https://exchange.xforce.ibmcloud.com/vulnerabilities/25806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855 https://usn.ubuntu.com/276-1/https://usn.ubuntu.com/275-1/https://usn.ubuntu.com/271-1/http://www.securityfocus.com/archive/1/438730/100/0/threaded http://www.securityfocus.com/archive/1/436338/100/0/threaded http://www.securityfocus.com/archive/1/436296/100/0/threaded https://nvd.nist.gov https://usn.ubuntu.com/276-1/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook