CVE-2006-1731
Summary
| CVE | CVE-2006-1731 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-04-14 10:02:00 UTC |
| Updated | 2018-10-18 16:34:00 UTC |
| Description | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | 1.0 | All | All | All |
| Application | Mozilla | Firefox | 1.0.1 | All | All | All |
| Application | Mozilla | Firefox | 1.0.2 | All | All | All |
| Application | Mozilla | Firefox | 1.0.3 | All | All | All |
| Application | Mozilla | Firefox | 1.0.4 | All | All | All |
| Application | Mozilla | Firefox | 1.0.5 | All | All | All |
| Application | Mozilla | Firefox | 1.0.6 | All | All | All |
| Application | Mozilla | Firefox | 1.5 | All | All | All |
| Application | Mozilla | Firefox | 1.5 | beta1 | All | All |
| Application | Mozilla | Firefox | 1.5 | beta2 | All | All |
| Application | Mozilla | Firefox | 1.0 | All | All | All |
| Application | Mozilla | Firefox | 1.0.1 | All | All | All |
| Application | Mozilla | Firefox | 1.0.2 | All | All | All |
| Application | Mozilla | Firefox | 1.0.3 | All | All | All |
| Application | Mozilla | Firefox | 1.0.4 | All | All | All |
| Application | Mozilla | Firefox | 1.0.5 | All | All | All |
| Application | Mozilla | Firefox | 1.0.6 | All | All | All |
| Application | Mozilla | Firefox | 1.5 | All | All | All |
| Application | Mozilla | Firefox | 1.5 | beta1 | All | All |
| Application | Mozilla | Firefox | 1.5 | beta2 | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.10 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.11 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.6 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.7 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.8 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.10 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.11 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.6 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.7 | All | All | All |
| Application | Mozilla | Mozilla Suite | 1.7.8 | All | All | All |
| Application | Mozilla | Mozilla Suite | All | All | All | All |
| Application | Mozilla | Seamonkey | 1.0 | All | alpha | All |
| Application | Mozilla | Seamonkey | 1.0 | All | alpha | All |
| Application | Mozilla | Seamonkey | All | beta | All | All |
| Application | Mozilla | Thunderbird | 1.0 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.1 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.2 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.3 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.4 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.5 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.5 | beta | All | All |
| Application | Mozilla | Thunderbird | 1.0.6 | All | All | All |
| Application | Mozilla | Thunderbird | 1.5 | All | All | All |
| Application | Mozilla | Thunderbird | 1.5 | beta2 | All | All |
| Application | Mozilla | Thunderbird | 1.0 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.1 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.2 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.3 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.4 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.5 | All | All | All |
| Application | Mozilla | Thunderbird | 1.0.5 | beta | All | All |
| Application | Mozilla | Thunderbird | 1.0.6 | All | All | All |
| Application | Mozilla | Thunderbird | 1.5 | All | All | All |
| Application | Mozilla | Thunderbird | 1.5 | beta2 | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mandriva update for firefox - Advisories - Secunia | SECUNIA | secunia.com | |
| [SECURITY] Fedora Core 5 Update: firefox-1.5.0.2-1.1.fc5 | FEDORA | www.redhat.com | |
| SGI Advanced Linux Environment 3 Multiple Updates - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Gentoo update for mozilla-firefox / mozilla-firefox-bin - Advisories - Secunia | SECUNIA | secunia.com | |
| SUSE update for MozillaThunderbird - Advisories - Secunia | SECUNIA | secunia.com | |
| USN-275-1: Mozilla vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Gentoo Linux Documentation -- Mozilla Suite: Multiple vulnerabilities | GENTOO | www.gentoo.org | |
| Debian -- Security Information -- DSA-1051-1 mozilla-thunderbird | DEBIAN | www.debian.org | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities | BID | www.securityfocus.com | |
| Ubuntu update for mozilla - Advisories - Secunia | SECUNIA | secunia.com | |
| Debian -- Security Information -- DSA-1044-1 mozilla-firefox | DEBIAN | www.debian.org | |
| 20060404-01-U | SGI | patches.sgi.com | |
| [SECURITY] Fedora Core 4 Update: firefox-1.0.8-1.1.fc4 | FEDORA | www.redhat.com | |
| Debian -- Security Information -- DSA-1046-1 mozilla | DEBIAN | www.debian.org | |
| Red Hat update for mozilla - Advisories - Secunia | SECUNIA | secunia.com | |
| Gentoo Linux Documentation -- Mozilla Thunderbird: Multiple vulnerabilities | GENTOO | www.gentoo.org | |
| Secunia - Advisories - Red Hat update for firefox | SECUNIA | secunia.com | |
| Secunia - Advisories - Gentoo update for mozilla-thunderbird | SECUNIA | secunia.com | |
| 228526 | SUNALERT | sunsolve.sun.com | |
| USN-271-1: Firefox vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| SecurityFocus | FEDORA | www.securityfocus.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| #102550: Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux | SUNALERT | sunsolve.sun.com | |
| SecurityFocus | FEDORA | www.securityfocus.com | |
| Fedora update for firefox - Advisories - Secunia | SECUNIA | secunia.com | |
| Ubuntu update for thunderbird - Advisories - Secunia | SECUNIA | secunia.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Firefox Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| Ubuntu update for firefox - Advisories - Secunia | SECUNIA | secunia.com | |
| Gentoo update for mozilla - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| SUSE update for mozilla/firefox - Advisories - Secunia | SECUNIA | secunia.com | |
| Debian update for mozilla - Advisories - Secunia | SECUNIA | secunia.com | |
| Debian update for mozilla-thunderbird - Advisories - Secunia | SECUNIA | secunia.com | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| UnixWare update for mozilla - Advisories - Secunia | SECUNIA | secunia.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Gentoo Linux Documentation -- Mozilla Firefox: Multiple vulnerabilities | GENTOO | www.gentoo.org | |
| Red Hat update for thunderbird - Advisories - Secunia | SECUNIA | secunia.com | |
| Debian update for mozilla-firefox - Advisories - Secunia | SECUNIA | secunia.com | |
| SuSE Security announcements: [suse-security-announce] SUSE Security Announcement: Mozilla Firefox, Mozilla Suite various problems (SUSE-SA:2006:021) | SUSE | lists.suse.com | |
| SCOSA-2006.26 | SCO | ftp.sco.com | |
| Sun Solaris update for mozilla - Advisories - Secunia | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Announcement | SUSE | www.novell.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | www.redhat.com | |
| USN-276-1: Thunderbird vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| SecurityFocus | HP | www.securityfocus.com | |
| ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593) | CONFIRM | support.avaya.com | |
| Mandriva update for mozilla-thunderbird - Advisories - Secunia | SECUNIA | secunia.com | |
| MFSA 2006-19: Cross-site scripting using .valueOf.call() | CONFIRM | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.