CVE-2006-1741

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite; Seamonkey
Vendor: CVE Published:; 14 April 2006

Summary

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.proto to extend eval, aka "cross-site JavaScript injection".

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/19902

third-party-advisoryx_refsource_SECUNIA

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006