Lucene search

K
cve[email protected]CVE-2006-1741
HistoryApr 14, 2006 - 10:02 a.m.

CVE-2006-1741

2006-04-1410:02:00
CWE-79
web.nvd.nist.gov
44
cve-2006-1741
mozilla firefox
mozilla suite
cross-site scripting
javascript injection
nvd

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.059 Low

EPSS

Percentile

93.3%

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) “using a modal alert to suspend an event handler while a new page is being loaded”, (2) using eval(), and using certain variants involving (3) “new Script;” and (4) using window.proto to extend eval, aka “cross-site JavaScript injection”.

References

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.059 Low

EPSS

Percentile

93.3%