Lucene search

PRIOn knowledge basePRION:CVE-2006-1741

HistoryApr 14, 2006 - 10:02 a.m.

Cross site scripting

2006-04-1410:02:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.059 Low

EPSS

Percentile

93.3%

JSON

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) “using a modal alert to suspend an event handler while a new page is being loaded”, (2) using eval(), and using certain variants involving (3) “new Script;” and (4) using window.proto to extend eval, aka “cross-site JavaScript injection”.

CPENameOperatorVersion
ubuntu_linuxeq4.10
ubuntu_linuxeq5.04
ubuntu_linuxeq5.10
firefoxeq1.5
firefoxge1.0
firefoxlt1.0.8
mozilla_suitelt1.7.13
seamonkeylt1.0

Name	Operator	Version
ubuntu_linux	eq	4.10
ubuntu_linux	eq	5.04
ubuntu_linux	eq	5.10
firefox	eq	1.5
firefox	ge	1.0
firefox	lt	1.0.8
mozilla_suite	lt	1.7.13
seamonkey	lt	1.0

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt

ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc

lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html

secunia.com/advisories/19631

secunia.com/advisories/19696

secunia.com/advisories/19714

secunia.com/advisories/19721

secunia.com/advisories/19729

secunia.com/advisories/19746

secunia.com/advisories/19759

secunia.com/advisories/19780

secunia.com/advisories/19811

secunia.com/advisories/19821

secunia.com/advisories/19823

secunia.com/advisories/19852

secunia.com/advisories/19862

secunia.com/advisories/19863

secunia.com/advisories/19902

secunia.com/advisories/19941

secunia.com/advisories/19950

secunia.com/advisories/20051

secunia.com/advisories/21033

secunia.com/advisories/21622

sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1

sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1

support.avaya.com/elmodocs2/security/ASA-2006-205.htm

www.debian.org/security/2006/dsa-1044

www.debian.org/security/2006/dsa-1046

www.debian.org/security/2006/dsa-1051

www.gentoo.org/security/en/glsa/glsa-200604-12.xml

www.gentoo.org/security/en/glsa/glsa-200604-18.xml

www.gentoo.org/security/en/glsa/glsa-200605-09.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:076

www.mandriva.com/security/advisories?name=MDKSA-2006:078

www.mozilla.org/security/announce/2006/mfsa2006-09.html

www.novell.com/linux/security/advisories/2006_04_25.html

www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html

www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html

www.redhat.com/support/errata/RHSA-2006-0328.html

www.redhat.com/support/errata/RHSA-2006-0329.html

www.redhat.com/support/errata/RHSA-2006-0330.html

www.securityfocus.com/archive/1/436296/100/0/threaded

www.securityfocus.com/archive/1/436338/100/0/threaded

www.securityfocus.com/archive/1/438730/100/0/threaded

www.vupen.com/english/advisories/2006/1356

exchange.xforce.ibmcloud.com/vulnerabilities/25806

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167

usn.ubuntu.com/271-1/

usn.ubuntu.com/275-1/

usn.ubuntu.com/276-1/

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.059 Low

EPSS

Percentile

93.3%

JSON

Related for PRION:CVE-2006-1741