Cross-Site JavaScript Injection in Firefox and SeaMonkey by Mozilla
CVE-2006-1741

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Mozilla Suite; Seamonkey
Vendor: CVE Published:; 14 April 2006

Summary

This vulnerability allows remote attackers to execute arbitrary JavaScript on other websites by manipulating event handlers during the page load process. By leveraging modal alerts, a new page load can suspend the handling of events, creating a window of opportunity for attackers to inject malicious scripts through various methods such as eval() and extensions of eval using window.proto. This exposes users to potential threats, fundamentally altering how web content is rendered and interacted with.

References

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://www.redhat.com/support/errata/RHSA-2006-0330.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/19902

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Apr 12, 2006