CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

• CWE-79

• ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtBroken Link
• ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascBroken Link
• http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlBroken Link
• http://secunia.com/advisories/19631Third Party Advisory
• http://secunia.com/advisories/19696Third Party Advisory
• http://secunia.com/advisories/19714Third Party Advisory
• http://secunia.com/advisories/19721Third Party Advisory
• http://secunia.com/advisories/19729Third Party Advisory
• http://secunia.com/advisories/19746Third Party Advisory
• http://secunia.com/advisories/19759Third Party Advisory
• http://secunia.com/advisories/19780Third Party Advisory
• http://secunia.com/advisories/19811Third Party Advisory
• http://secunia.com/advisories/19821Third Party Advisory
• http://secunia.com/advisories/19823Third Party Advisory
• http://secunia.com/advisories/19852Third Party Advisory
• http://secunia.com/advisories/19862Third Party Advisory
• http://secunia.com/advisories/19863Third Party Advisory
• http://secunia.com/advisories/19902Third Party Advisory
• http://secunia.com/advisories/19941Third Party Advisory
• http://secunia.com/advisories/19950Third Party Advisory
• http://secunia.com/advisories/20051Third Party Advisory
• http://secunia.com/advisories/21033Third Party Advisory
• http://secunia.com/advisories/21622Third Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1Broken Link
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1Broken Link
• http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmThird Party Advisory
• http://www.debian.org/security/2006/dsa-1044Third Party Advisory
• http://www.debian.org/security/2006/dsa-1046Third Party Advisory
• http://www.debian.org/security/2006/dsa-1051Third Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200604-12.xmlThird Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlThird Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlThird Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:076Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:078Third Party Advisory
• http://www.mozilla.org/security/announce/2006/mfsa2006-09.htmlExploit
• http://www.novell.com/linux/security/advisories/2006_04_25.htmlBroken Link
• http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.htmlThird Party Advisory
• http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0328.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0329.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0330.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/436296/100/0/threaded
• http://www.securityfocus.com/archive/1/436338/100/0/threaded
• http://www.securityfocus.com/archive/1/438730/100/0/threaded
• http://www.vupen.com/english/advisories/2006/1356Permissions Required, Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25806Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855Third Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167Third Party Advisory
• https://usn.ubuntu.com/271-1/Third Party Advisory
• https://usn.ubuntu.com/275-1/Third Party Advisory
• https://usn.ubuntu.com/276-1/Third Party Advisory
• ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txtBroken Link
• ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.ascBroken Link
• http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.htmlBroken Link
• http://secunia.com/advisories/19631Third Party Advisory
• http://secunia.com/advisories/19696Third Party Advisory
• http://secunia.com/advisories/19714Third Party Advisory
• http://secunia.com/advisories/19721Third Party Advisory
• http://secunia.com/advisories/19729Third Party Advisory
• http://secunia.com/advisories/19746Third Party Advisory
• http://secunia.com/advisories/19759Third Party Advisory
• http://secunia.com/advisories/19780Third Party Advisory
• http://secunia.com/advisories/19811Third Party Advisory
• http://secunia.com/advisories/19821Third Party Advisory
• http://secunia.com/advisories/19823Third Party Advisory
• http://secunia.com/advisories/19852Third Party Advisory
• http://secunia.com/advisories/19862Third Party Advisory
• http://secunia.com/advisories/19863Third Party Advisory
• http://secunia.com/advisories/19902Third Party Advisory
• http://secunia.com/advisories/19941Third Party Advisory
• http://secunia.com/advisories/19950Third Party Advisory
• http://secunia.com/advisories/20051Third Party Advisory
• http://secunia.com/advisories/21033Third Party Advisory
• http://secunia.com/advisories/21622Third Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1Broken Link
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1Broken Link
• http://support.avaya.com/elmodocs2/security/ASA-2006-205.htmThird Party Advisory
• http://www.debian.org/security/2006/dsa-1044Third Party Advisory
• http://www.debian.org/security/2006/dsa-1046Third Party Advisory
• http://www.debian.org/security/2006/dsa-1051Third Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200604-12.xmlThird Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200604-18.xmlThird Party Advisory
• http://www.gentoo.org/security/en/glsa/glsa-200605-09.xmlThird Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:076Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:078Third Party Advisory
• http://www.mozilla.org/security/announce/2006/mfsa2006-09.htmlExploit
• http://www.novell.com/linux/security/advisories/2006_04_25.htmlBroken Link
• http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.htmlThird Party Advisory
• http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0328.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0329.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0330.htmlThird Party Advisory
• http://www.securityfocus.com/archive/1/436296/100/0/threaded
• http://www.securityfocus.com/archive/1/436338/100/0/threaded
• http://www.securityfocus.com/archive/1/438730/100/0/threaded
• http://www.vupen.com/english/advisories/2006/1356Permissions Required, Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25806Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855Third Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167Third Party Advisory
• https://usn.ubuntu.com/271-1/Third Party Advisory
• https://usn.ubuntu.com/275-1/Third Party Advisory
• https://usn.ubuntu.com/276-1/Third Party Advisory

Published

Apr 14, 2006

Last Modified

Jun 16, 2026

Status

Modified