Debian Security Bug TrackerDEBIANCVE:CVE-2006-1741CVE-2006-1741
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.059 Low
EPSS
Percentile
93.4%
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) “using a modal alert to suspend an event handler while a new page is being loaded”, (2) using eval(), and using certain variants involving (3) “new Script;” and (4) using window.proto to extend eval, aka “cross-site JavaScript injection”.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 1.5.dfsg+1.5.0.2-2 | firefox_1.5.dfsg+1.5.0.2-2_all.deb |
| Debian | 12 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 11 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 10 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
| Debian | 999 | all | thunderbird | < 1.5.0.2-1 | thunderbird_1.5.0.2-1_all.deb |
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.059 Low
EPSS
Percentile
93.4%