Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1044-1 | New Mozilla Firefox packages fix several vulnerabilities |
![]() |
DSA-1046-1 | New Mozilla packages fix several vulnerabilities |
![]() |
DSA-1051-1 | New Mozilla Thunderbird packages fix several vulnerabilities |
![]() |
EUVD-2006-1741 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". |
![]() |
USN-271-1 | Firefox vulnerabilities |
![]() |
USN-275-1 | Mozilla vulnerabilities |
![]() |
USN-276-1 | Thunderbird vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T17:19:49.531Z
Reserved: 2006-04-12T00:00:00
Link: CVE-2006-1741

No data.

Status : Deferred
Published: 2006-04-14T10:02:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2006-1741


No data.