Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-1731 | First vendor Publication | 2006-04-14 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1955 | |||
Oval ID: | oval:org.mitre.oval:def:1955 | ||
Title: | Mozilla Cross-site Scripting Using .valueOf.call() | ||
Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1731 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5019559.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox) File : nvt/glsa_200604_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-18 (mozilla) File : nvt/glsa_200604_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird) File : nvt/glsa_200605_09.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox22.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox) File : nvt/deb_1044_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1046-1 (mozilla) File : nvt/deb_1046_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird) File : nvt/deb_1051_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24671 | Mozilla Multiple Products .valueOf.call() / .valueOf.apply() Same-origin Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-21 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_108.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-490.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-487.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-488.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-489.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1051.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1046.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1044.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-09.nasl - Type : ACT_GATHER_INFO |
2006-05-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-276-1.nasl - Type : ACT_GATHER_INFO |
2006-05-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-18.nasl - Type : ACT_GATHER_INFO |
2006-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-275-1.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-078.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-075.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-12.nasl - Type : ACT_GATHER_INFO |
2006-04-26 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_021.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-411.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-271-1.nasl - Type : ACT_GATHER_INFO |
2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-410.nasl - Type : ACT_GATHER_INFO |
2006-04-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_101.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_10.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-10 01:03:52 |
|
2024-02-02 01:04:03 |
|
2024-02-01 12:01:54 |
|
2023-09-05 12:03:48 |
|
2023-09-05 01:01:45 |
|
2023-09-02 12:03:51 |
|
2023-09-02 01:01:45 |
|
2023-08-12 12:04:33 |
|
2023-08-12 01:01:46 |
|
2023-08-11 12:03:56 |
|
2023-08-11 01:01:48 |
|
2023-08-06 12:03:42 |
|
2023-08-06 01:01:46 |
|
2023-08-04 12:03:46 |
|
2023-08-04 01:01:48 |
|
2023-07-14 12:03:45 |
|
2023-07-14 01:01:47 |
|
2023-03-29 01:04:01 |
|
2023-03-28 12:01:52 |
|
2022-10-11 12:03:20 |
|
2022-10-11 01:01:39 |
|
2021-05-04 12:03:54 |
|
2021-04-22 01:04:27 |
|
2020-10-14 01:01:52 |
|
2020-10-03 01:01:52 |
|
2020-05-29 01:01:46 |
|
2020-05-23 01:37:29 |
|
2020-05-23 00:17:38 |
|
2019-06-25 12:01:23 |
|
2019-01-30 12:01:50 |
|
2018-10-18 21:20:04 |
|
2018-10-05 05:18:09 |
|
2018-10-04 00:19:27 |
|
2018-07-13 01:02:02 |
|
2017-11-21 12:01:30 |
|
2017-10-11 09:23:39 |
|
2017-07-20 09:23:30 |
|
2016-04-26 14:29:48 |
|
2014-02-17 10:35:24 |
|
2013-05-11 10:53:55 |
|