Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

oval:org.mitre.oval:def:9167

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2006-1741
Product(s):