XSS in Mozilla Firefox
CVE-2006-1731
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.appl…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.018 (75.4th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 1.0, 1.0.1, 1.0.2
- Mozilla Mozilla_suite — versions 1.7.6, 1.7.7, 1.7.8
- Mozilla Seamonkey — versions 1.0
- Mozilla Thunderbird — versions 1.0, 1.0.1, 1.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
- secalert@redhat.com (x_refsource_HP, vendor-advisory)
- secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (vendor-advisory, x_refsource_GENTOO)