CVE-2006-1741 — MEDIUM (4.3)

Q: How severe is CVE-2006-1741?

CVE-2006-1741 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-1741?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Canonical Ubuntu Linux.

Vulnerability Description

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.0, < 1.0.8
Mozilla	Mozilla Suite	< 1.7.13
Mozilla	Seamonkey	< 1.0
Canonical	Ubuntu Linux	4.10

Related Weaknesses (CWE)

CWE-79

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtBroken Link
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascBroken Link
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlBroken Link
http://secunia.com/advisories/19631Third Party Advisory
http://secunia.com/advisories/19696Third Party Advisory
http://secunia.com/advisories/19714Third Party Advisory
http://secunia.com/advisories/19721Third Party Advisory
http://secunia.com/advisories/19729Third Party Advisory
http://secunia.com/advisories/19746Third Party Advisory
http://secunia.com/advisories/19759Third Party Advisory
http://secunia.com/advisories/19780Third Party Advisory
http://secunia.com/advisories/19811Third Party Advisory
http://secunia.com/advisories/19821Third Party Advisory
http://secunia.com/advisories/19823Third Party Advisory
http://secunia.com/advisories/19852Third Party Advisory

FAQ

What is CVE-2006-1741?

CVE-2006-1741 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a mod...

How severe is CVE-2006-1741?

CVE-2006-1741 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-1741?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla Suite, Mozilla Seamonkey, Canonical Ubuntu Linux.