1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
PublicDate: 2006-04-14
Candidate: CVE-2006-1741
References:
http://www.ubuntu.com/usn/usn-276-1
http://www.ubuntu.com/usn/usn-271-1
http://www.ubuntu.com/usn/usn-275-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
Description:
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before
1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject
arbitrary Javascript into other sites by (1) "using a modal alert to
suspend an event handler while a new page is being loaded", (2) using
eval(), and using certain variants involving (3) "new Script;" and (4)
using window.__proto__ to extend eval, aka "cross-site JavaScript
injection".
Ubuntu-Description:
Notes:
Bugs:
dapper_midbrowser: DNE
edgy_midbrowser: DNE
feisty_midbrowser: DNE
devel_midbrowser: released (0.1.6b-0ubuntu2)
dapper_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.06)
edgy_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.6.10)
feisty_mozilla-thunderbird: released (1.5.0.13-0ubuntu0.7.04)
devel_mozilla-thunderbird: DNE
dapper_firefox-granparadiso: DNE
edgy_firefox-granparadiso: DNE
feisty_firefox-granparadiso: DNE
devel_firefox-granparadiso: released (3.0~alpha7-0ubuntu6)
dapper_firefox: released (1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
edgy_firefox: not-affected
feisty_firefox: not-affected
dapper_lightning-sunbird: DNE
edgy_lightning-sunbird: DNE
feisty_lightning-sunbird: DNE
devel_lightning-sunbird: released (0.5-0ubuntu4)
upstream_firefox:
upstream_firefox-granparadiso:
upstream_lightning-sunbird:
upstream_midbrowser:
upstream_mozilla-thunderbird:
|