Vulnerability Details: CVE-2006-1731
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 return the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply is called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-1731
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1731
- 2.71%: probability of exploitation activity in the next 30 days
- ~85%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-1731
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2006-1731
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-1731
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
  ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593)
- http://secunia.com/advisories/19821
- http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
  Cross-site scripting using .valueOf.call() — Mozilla
- http://secunia.com/advisories/19759
- http://secunia.com/advisories/19862
- http://www.novell.com/linux/security/advisories/2006_04_25.html
- http://secunia.com/advisories/19811
- http://secunia.com/advisories/19823
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1955
- https://usn.ubuntu.com/271-1/
- http://www.redhat.com/support/errata/RHSA-2006-0330.html
- http://www.debian.org/security/2006/dsa-1051
  [SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
- http://secunia.com/advisories/19631
- http://secunia.com/advisories/19729
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25820
  Multiple Mozilla products valueOf.call() and valueOf.apply() cross-site scripting CVE-2006-1731 Vulnerability Report
- http://secunia.com/advisories/19852
- http://secunia.com/advisories/21033
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
  [SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5
- http://secunia.com/advisories/19714
- http://secunia.com/advisories/19794
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
  Mozilla Firefox: Multiple vulnerabilities (GLSA 200604-12) — Gentoo security
- http://secunia.com/advisories/19863
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
  [SECURITY] Fedora Core 4 Update: firefox-1.0.8-1.1.fc4
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- http://secunia.com/advisories/19696
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9604
- http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
  Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200605-09) — Gentoo security
- http://secunia.com/advisories/19746
- http://www.vupen.com/english/advisories/2006/1356
- http://secunia.com/advisories/19950
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
- http://secunia.com/advisories/19941
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- http://secunia.com/advisories/20051
- http://www.debian.org/security/2006/dsa-1046
  [SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities
- http://secunia.com/advisories/19721
- http://secunia.com/advisories/21622
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
- http://secunia.com/advisories/19780
- ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
- https://usn.ubuntu.com/276-1/
- http://www.securityfocus.com/bid/17516
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- https://usn.ubuntu.com/275-1/
- http://www.vupen.com/english/advisories/2006/3391
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
- http://secunia.com/advisories/19902
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
- http://www.debian.org/security/2006/dsa-1044
  [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
  Mozilla Suite: Multiple vulnerabilities (GLSA 200604-18) — Gentoo security