Lucene search
Mozilla FoundationMFSA2006-17HistoryApr 13, 2006 - 12:00 a.m.
cross-site scripting through window.controllers — Mozilla
2006-04-1300:00:00
Mozilla Foundation
www.mozilla.org
14
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.076
Percentile
94.2%
shutdown demonstrated how to use the window.controllers array to bypass same-origin protections, allowing a malicious site to inject script into content from another site. This could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user’s behalf if the user were already logged in.
Affected configurations
Node
mozillafirefoxRange<1.0.8
ORmozillafirefoxRange<1.5
ORmozillamozilla_suiteRange<1.7.13
ORmozillaseamonkeyRange<1
ORmozillathunderbirdRange<1.0.8
ORmozillathunderbirdRange<1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | mozilla_suite | * | cpe:2.3:a:mozilla:mozilla_suite:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2006-1732
2006-04-14 10:02:00
debiancve
debiancve
CVE-2006-1732
2006-04-14 10:02:00
cvelist
cvelist
CVE-2006-1732
2006-04-14 10:00:00
ubuntucve
ubuntucve
CVE-2006-1732
2006-04-14 00:00:00
prion
prion
Cross site scripting
2006-04-14 10:02:00
nvd
nvd
CVE-2006-1732
2006-04-14 10:02:00
nessus
nessus
Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:075)
2006-04-26 00:00:00
Fedora Core 5 : firefox-1.5.0.2-1.1.fc5 (2006-411)
2006-04-21 00:00:00
Fedora Core 4 : firefox-1.0.8-1.1.fc4 (2006-410)
2006-04-21 00:00:00
openvas
openvas
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
SLES9: Security update for Mozilla suite
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2006:0328) firefox security update
2006-04-14 00:00:00
(RHSA-2006:0329) mozilla security update
2006-04-18 00:00:00
(RHSA-2006:0330) thunderbird security update
2006-04-21 00:00:00
centos
centos
firefox security update
2006-04-14 18:00:35
galeon, mozilla security update
2006-04-18 23:53:59
thunderbird security update
2006-04-21 17:41:34
suse
suse
remote code execution in MozillaFirefox,mozilla
2006-04-20 13:13:08
remote code execution in MozillaThunderbird
2006-04-25 13:15:04
remote code execution in phpMyAdmin
2006-01-26 13:53:52
ubuntu
ubuntu
Thunderbird vulnerabilities
2006-05-03 00:00:00
Firefox vulnerabilities
2006-04-20 00:00:00
Mozilla vulnerabilities
2006-04-28 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2006-04-23 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-05-08 00:00:00
Mozilla Suite: Multiple vulnerabilities
2006-04-28 00:00:00
osv
osv
mozilla-firefox - several
2006-04-26 00:00:00
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
debian
debian
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-04-13 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.076
Percentile
94.2%
Related for MFSA2006-17