oval:org.mitre.oval:def:1855
| Definition Id: oval:org.mitre.oval:def:1855 | |||
| Oval ID: | oval:org.mitre.oval:def:1855 | ||
| Title: | Mozilla Cross-site JavaScript Injection Using Event Handlers | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1741 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
