Cross-Site Scripting Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey
CVE-2006-1731

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite; Thunderbird; Seamonkey
Vendor: CVE Published:; 14 April 2006

Summary

A vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to conduct cross-site scripting (XSS) attacks. This occurs when the Object class prototype is returned instead of the global window object during the execution of valueOf.call or valueOf.apply without arguments. Attackers can exploit this behavior to inject malicious scripts into web applications, potentially compromising user data and session information.

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/19902

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006