Vulnerability Details : CVE-2006-1741
Potential exploit
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-1741
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1741
- EPSS score: 1.59% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-1741
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2006-1741
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-1741
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
  Title: ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593)
  Tags: Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25806
  Title: Multiple Mozilla products event handler cross-site scripting CVE-2006-1741 Vulnerability Report
  Tags: Third Party Advisory; VDB Entry
- http://www.novell.com/linux/security/advisories/2006_04_25.html
  Title: 404 Page Not Found | SUSE
  Tags: Broken Link
- https://usn.ubuntu.com/271-1/
  Title: 404: Page not found | Ubuntu
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0330.html
  Title: Support
  Tags: Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167
  Title: 404 Not Found
  Tags: Third Party Advisory
- http://www.debian.org/security/2006/dsa-1051
  Title: [SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
  Tags: Third Party Advisory
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
  Title: [SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5
  Tags: Third Party Advisory
- http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
  Title: Cross-site JavaScript injection using event handlers — Mozilla
  Tags: Exploit
- http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
  Title: Mozilla Firefox: Multiple vulnerabilities (GLSA 200604-12) — Gentoo security
  Tags: Third Party Advisory
- http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
  Title: [SECURITY] Fedora Core 4 Update: firefox-1.0.8-1.1.fc4
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0329.html
  Title: Support
  Tags: Third Party Advisory
- http://www.securityfocus.com/archive/1/438730/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
  Title: Mandriva
  Tags: Third Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
  Title: Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200605-09) — Gentoo security
  Tags: Third Party Advisory
- http://www.vupen.com/english/advisories/2006/1356
  Title: Site under construction
  Tags: Permissions Required; Third Party Advisory
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
  Tags: Broken Link
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
  Tags: Broken Link
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
  Tags: Broken Link
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
  Title: Mandriva
  Tags: Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855
  Title: 404 Not Found
  Tags: Third Party Advisory
- http://www.securityfocus.com/archive/1/436296/100/0/threaded
- http://www.debian.org/security/2006/dsa-1046
  Title: [SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities
  Tags: Third Party Advisory
- http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
  Title: Object not found!
  Tags: Broken Link
- ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
  Tags: Broken Link
- https://usn.ubuntu.com/276-1/
  Title: 404: Page not found | Ubuntu
  Tags: Third Party Advisory
- http://www.securityfocus.com/archive/1/436338/100/0/threaded
- https://usn.ubuntu.com/275-1/
  Title: 404: Page not found | Ubuntu
  Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0328.html
  Title: Support
  Tags: Third Party Advisory
- http://www.debian.org/security/2006/dsa-1044
  Title: [SECURITY] [DSA 1044-1] New Mozilla Firefox packages fix several vulnerabilities
  Tags: Third Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
  Title: Mozilla Suite: Multiple vulnerabilities (GLSA 200604-18) — Gentoo security
  Tags: Third Party Advisory